Abstract



We propose a logic of interactive proofs as the first and main step 
towards an intuitionistic foundation for interactive computation to be obtained
via an interactive analog of the Gödel-Kolmogorov-Artemov definition of
intuitionistic logic as embedded into a classical modal logic
of proofs, and of the Curry-Howard isomorphism between intuitionistic 
proofs and typed programs. Our interactive proofs effectuate a persis- 
tent epistemic impact in their intended communities of peer reviewers 
that consists in the induction of the (propositional) knowledge of their 
proof goal by means of the (individual) knowledge of the proof with the 
interpreting reviewer. That is, interactive proofs effectuate a transfer of 
propositional knowledge (knowable facts) via the transmission of certain 
individual knowledge (knowable proofs) in multi-agent distributed sys- 
tems. In other words, we as a community can have the formal common 
knowledge that a proof is that which if known to one of our peer members 
would induce the knowledge of its proof goal with that member. 

Keywords cryptographic and interpreted communication; designated- 
verifier proofs; equality of proofs; interactive and oracle computation; 
multi-agent distributed systems; normal modal logics; Popper; proofs as 
sufficient evidence. 

1 Introduction 

The subject matter of this paper is a formal logic of interactive proofs to be 
used for an intuitionistic foundation of interactive computation. 

*Work funded mostly with Grant P 08742 from the Japan Society for the Promotion of
Science, and to a lesser extent with Grant AFR 894328 from the National Research Fund
Luxembourg cofunded under the Marie-Curie Actions of the European Commission (FP7-




1.1 Motivation, Goal & Problem



1.1.1 Motivation 

In [GSW06], interactive computation is proposed as the new, to-be-defined
paradigm of computation, as opposed to the old paradigm of non-interactive
computation in the sense of the old sages like Turing and others. The motivation
for this paper is the consensus of the contributors to [GSW06], which is
that the purpose of interactive computation ultimately is not the computation 
of result values, to which we consent, but the possibly unending interaction 
itself, from which we dissent. Interaction may well be unending, but it can- 
not be a self-purpose because if it were then all interactive programs would be 
quines — rhetorically exaggerated. (A quine program [re]produces itself and only
itself.) 

1.1.2 Goal 

Our goal is to reach consensus with the reader that values are only the means — 
not the ends — of interactive computation, and that the purpose of interac- 
tive computation is interpreted communication between distributed 
man or machine agents interacting via message passing. Note that 
a communication channel/medium can be modelled as a machine agent. For 
example in communication security, which is an important application of inter- 
active computation, the communication medium is an adversary. 

1.1.3 Problem 

So what is interpreted communication? According to Shannon [Sha48]:

The fundamental problem of [uninterpreted] communication is that 
of reproducing at one point either exactly or approximately a mes- 
sage selected at another point. 

In analogy, we declare: 

The fundamental problem of interpreted communication is that of 
[re]producing at one point either exactly or approximately the intended
meaning of a message selected at another point.

Note that due to the distribution of the different agents in a communication 
system, which may have different views of the system, the agents constitute 
different message interpretation contexts. Hence, identical messages may well 
be interpreted differently in different contexts, and thus have different meanings 
to different agents. As a matter of fact, message misinterpretations are ubiq- 
uitous in man or machine communications, e.g., in communication protocols 
[And08, Chapter 3], and may have serious or even catastrophic consequences,
e.g., in the context of nuclear command and control [And08, Chapter 13]. Indeed,
[re]producing intended message meaning across interpretation contexts is
a highly critical and non-trivial problem. But what does message meaning mean
more precisely?

^The standard typographic convention of brackets occurring within in-lined or displayed
quoted text indicates that the text within the brackets does not occur in the original text.
So, "[uninterpreted]" indicates that "uninterpreted" does not occur in the original text.

In [Kra07b], we argue that the (denotational) meaning of a message in a
given interpretation context is the propositional knowledge that the individual
knowledge of that message induces in that context (cf. Page 21 and Section 2.1
here). (See [PR03] for a related notion of message meaning.) By individual
knowledge we mean knowledge in the sense of the transitive use of the verb "to
know", here to know a message, such as the plaintext of an encrypted message.
Notation: $a \,\mathsf{k}\, M$ for "agent a knows message M" (cf. Definition 1). This is
the classic concept of knowledge de re ("of a thing") made explicit for message
things. Whereas by propositional knowledge we mean knowledge in the sense
of the use of the verb "to know" with a clause, here to know that a statement
is true, such as that the plaintext of an encrypted message is (individually)
unknown to potential adversaries. Notation: $K_a(\phi)$ for "agent a knows that $\phi$
[is true]" (cf. Section 2.1). This is the classic concept of knowledge de dicto
("of a fact"). Notice that we make the distinction between individual and
propositional knowledge with respect to the "object" of knowledge (the known),
i.e., with respect to a message and clause, respectively. However, individual as
well as propositional knowledge can both be individual with respect to the
subject of knowledge (the knower), i.e., an (individual) agent.

Hence, an agent-centric paraphrase of our previous problem statement is: 

The fundamental problem of communication is that of inducing at
one point either an intended knowledge or an intended belief with a
message selected at another point (cf. Section 2.1 for formal meanings).

With this paper, we intend to induce (necessarily true) knowledge, and leave 
induction of (possibly false) belief for further work. (For our standard notions 
of belief and knowledge, see [MV07].) Here, interactive computations compute
propositional knowledge (e.g., that the goal of this paper has been achieved), 
and they do so by passing as messages pieces of interactively or non-interactively 
computed individual knowledge (e.g., this paper). Again, result values are only 
the means — not the ends — of interactive computations. 

^In a first-order setting, knowledge de re and de dicto can be related in Barcan-laws.

1.2 Solution & Methodology
1.2.1 Solution

Our problem statement contains an inceptive solution and defining principle for
interactive computation, namely induction of knowledge (cf. Section 2.1). Our
task is thus to make this principle precise. This in turn leads us to defining
the concept of an interactive proof (or certificate) whose effect is to induce
the knowledge of its proof goal (or statement of certification) in the intended
interpretation context (cf. Section 2.1). The present paper is intended to be
such an interactive proof: its proof goal is the goal stated in Section 1.1.2 and
its intended interpretation context is the set of logically educated readers fluent
in English. Our interactive proofs are also formal social proofs in that they
partially reconcile two distinct viewpoints on mathematical proofs [Bus98a]:

The first view is that proofs are social conventions by which 
mathematicians convince one another of the truth of theorems. That 
is to say, a proof is expressed in natural language plus possibly sym- 
bols and figures, and is sufficient to convince an expert of the cor- 
rectness of a theorem. Examples of social proofs include the kinds 
of proofs that are presented in conversations or published in articles. 
Of course, it is impossible to precisely define what constitutes a valid 
proof in this social sense; and, the standards for valid proofs may 
vary with the audience and over time. The second view of proofs is 
more narrow in scope: in this view, a proof consists of a string of 
symbols which satisfy some precisely stated set of rules and which 
prove a theorem, which itself must also be expressed as a string of 
symbols. According to this view, mathematics can be regarded as 
a 'game' played with strings of symbols according to some precisely 
defined rules. Proofs of the latter kind are called "formal" proofs to 
distinguish them from "social" proofs. 

Note that a theorem known by one (say a) but not by another mathematician 
(say b) is a local truth from the viewpoint of an audience (say {a,b}). An
example of a social convention is a work contract (cf. Lemma [s] and Corollary [s]).

1.2.2 Methodology 

Our methodology for defining interactive computation emerges as an interac- 
tive variant of a classical construction that consists in a "horizontal" transitive 
embedding of programs into proofs and in a "vertical" homomorphing of each 
non-interactive structure into its interactive counterpart (cf. Figure 1). We will
argue that the right-most "vertical" homomorphism (without C-tail) cannot be 
an embedding (with C-tail) and that this reflects the essential difference between 
interactivity and non-interactivity here. More precisely, we shall present: 

1. in this paper, a classical modal logic (LiP) of interactive proofs that

(a) are agent-centric generalisations of non-interactive proofs such that
the agents are resource-unbounded with respect to individual and
thus also propositional knowledge (cf. Section 3.2.2), though our
agents here are still unable to guess individual (and thus also
propositional) knowledge

(b) induce the knowledge of their proof goal with their intended interpreting
agent(s) such that the induced knowledge is propositional in the
sense of the standard modal logic of knowledge S5 [FHMV95, HR10]
(See [Kra07a, Kra08a] and [Kra08b] for preliminary, non-axiomatic
explorations within different, non-standard semantics, but in [Kra08b] already
with pairing and signing as proof-term constructors.)

2. in future work:

(a) a classical modal logic (iS4) of interactive provability via an embedding
into LiP in analogy with Artemov's embedding of the standard
modal logic of non-arithmetic provability S4 into his Logic of Proofs
LP [Art94, Art01, Art07]

(b) interactive Intuitionistic Logic (iIL) via an embedding into iS4 in
analogy with the Gödel-Kolmogorov embedding of Intuitionistic Logic
IL into S4 [Art07]

(c) typed interactive programs (tiP) via an isomorphism from iIL in analogy
with the Curry-Howard isomorphism between IL and typed programs
tP [dG95].

Figure 1: Typed interactive programs from interactive proofs

We will deploy our methodology from right to left. LiP (LP) is the richest among 
all the (non-)interactive structures in the sense that all other (non-)interactive 
structures embed into LiP (LP). In result, terms viewed as proofs are descrip- 
tions of constructive deductions, terms viewed as programs are prescriptions for 
interactive computations, LiP-formulas viewed as propositions are proof goals, 
and LiP-formulas viewed as types are program properties. To agents, interactive
proofs are message terms that induce the propositional knowledge of their
proof goal with their intended interpreters, and interactive computations are 
message communications between distributed interlocutors that compute that 
knowledge from the meaning of the communicated messages. In sum, the pur- 
pose of interactive proofs is the transfer of propositional knowledge (knowable 
facts) via the transmission of certain individual knowledge (knowable proofs) in 
multi-agent distributed systems (e.g., editorial boards, scientific communities, 
social networks and other virtualised societies — even the whole Internet). That 
is, LiP is a formal theory of knowledge transfer. In contrast, Shannon's
theory is about the (error-correcting) transmission of individual knowledge (i.e., 
data) only. 

^i.e., not internalising provability of a formal system that includes Peano Arithmetic

1.3 The Logic of Proofs (LP)

The language of Artemov's Logic of Proofs (LP) (cf. [Art94, Art01] and [Art07,
Section 5]) is the language of classical propositional logic enriched with formulas
$p{:}F$, where $F$ denotes formulas and $p$ so-called proof polynomials. Proof
polynomials are terms built from proof variables $x, y, z, \ldots$ and proof constants
$a, b, c, \ldots$ by means of three operations: application '$\cdot$' (binary), sum '$+$'
(binary), and proof checker '$!$' (unary). According to Artemov, proof polynomials
represent the whole set of possible operations on (non-interactive) proofs for a
propositional language.

Then, the following proof system defines (the non-normal modal logic) LP:

0. all axioms of classical propositional logic

1. $\vdash_{\mathrm{LP}} (p{:}F \lor q{:}F) \to (p+q){:}F$ (sum)

2. $\vdash_{\mathrm{LP}} (p{:}(F \to G)) \to ((q{:}F) \to (p \cdot q){:}G)$ (application)

3. $\vdash_{\mathrm{LP}} (p{:}F) \to F$ (reflection)

4. $\vdash_{\mathrm{LP}} (p{:}F) \to (!p){:}(p{:}F)$ (proof checker)

5. $\{F \to G, F\} \vdash_{\mathrm{LP}} G$ (modus ponens)

6. $\vdash_{\mathrm{LP}} c{:}A$, for any axiom $A$ and proof constant $c$ (constant specification),

where $\{F \to G, F\} \vdash_{\mathrm{LP}} G$ abbreviates "if $\vdash_{\mathrm{LP}} F \to G$ and $\vdash_{\mathrm{LP}} F$ then $\vdash_{\mathrm{LP}} G$"
in horizontal Hilbert style, and '$!$' is interpreted as a primitive-recursive program
for checking the correctness of proofs which given a proof of $p$ produces a proof
that $p$ proves $F$. The application axiom internalises the modus ponens rule.

Note that LP does not explicate beyond the formula p:F what it means 
for p to prove F, but rather attempts to characterise axiomatically this rela- 
tion. Indeed, p:F really stands for an atomic concept. Arguably, the standard 
semantics of LP does not fully explicate the concept either: that semantics actu- 
ally merely re-stipulates each axiom of LP as a corresponding condition on the 
model in set-theoretic language (cf. [Art07, Section 5.3] and [Fit05]). In that,
it is rather a convenient semantic interface — and we will use it as such — than a 
semantics proper. Here it is. Given 

• a frame $(W, R)$ with a reflexive and transitive relation $R \subseteq W \times W$

• an abstractly constrained evidence mapping $\mathcal{E}$ from worlds $u$ and proof
polynomials $p$ to sets of formulas $F$

such that:

1. if $u R v$ then $\mathcal{E}(u,p) \subseteq \mathcal{E}(v,p)$ (monotonicity)

2. (closure)

• if $F \to G \in \mathcal{E}(u,p)$ and $F \in \mathcal{E}(u,q)$ then $G \in \mathcal{E}(u,p \cdot q)$ (application)

• if $F \in \mathcal{E}(u,p)$ then $p{:}F \in \mathcal{E}(u,!p)$ (proof checker)

• $\mathcal{E}(u,p) \cup \mathcal{E}(u,q) \subseteq \mathcal{E}(u,p+q)$ (sum),

and a usual valuation mapping $V$ from atomic propositions to sets of worlds,
satisfaction for the LP-modality in a model $(W, R, \mathcal{E}, V)$ at a world $u$ is so that

$(W, R, \mathcal{E}, V), u \Vdash p{:}F$ iff

for every $v \in W$, if $u R v$ and $F \in \mathcal{E}(u,p)$ then $(W, R, \mathcal{E}, V), v \Vdash F$.

^Constant specification is a somewhat flexible concept (cf. [Art08a] for four variations).

Notice the additional constraint $F \in \mathcal{E}(u,p)$, which a standard Kripke-semantics
format would not allow. A more serious criticism than the one of not being
a semantics proper is that in a truly interactive setting, the reflection axiom is
unsound (cf. Section 3.1). By a truly interactive setting we mean a multi-agent
distributed system where not all proofs are known by all agents, i.e., a setting
with a non-trivial distribution of information (in the sense of Dana Scott, cf.
Proposition 3).

In contrast:

1. LiP will give an epistemic explication of proofs, i.e., an explication of 
proofs in terms of the epistemic impact that they effectuate with their 
intended interpreting agents (i.e., the knowledge of their proof goal). 

Technically, we will endow the proof modality with a standard Kripke- 
semantics, whose accessibility relation we 

(a) define constructively, in terms of elementary set-theoretic construc- 
tions (in loose analogy with the constructive rather than the purely 
axiomatic definition of ordered pairs [e.g., Kuratowski's] or numbers 

[ElU) 

(b) match to a simplified and then interactively generalised version of 
the semantic interface of LP, where the simplification consists of 

i. the absorption of the evidence mapping into the accessibility re- 
lation (and thus the absorption of the corresponding conjunctive 
constraint on the truth condition of the proof modality) 

ii. the elimination of the monotonicity constraint on the evidence 
mapping (in the sense that the constraint will become a prop- 
erty), which is a nice side-effect of the previous simplification 

2. LiP only validates a corresponding conditional reflection principle, i.e., a 
reflection principle that is conditioned on the (individual) knowledge of 
the proof mentioned by the principle (e.g., the above p in LP). 

3. LiP is, technically speaking, a normal modal logic, which brings all the 
benefits of the existing standard techniques of normal modal logics to LiP. 
Hence, we beg to differ with Artemov and Nogina, who, like Aristotle and Plato,
define (propositional) knowledge as justified true belief, but unlike Aristotle and
Plato, admit as admissible justifications for such knowledge only proofs in the
sense of at least LP [AN05, Art08a]. As a counter-example to Artemov and
Nogina's provability explication of knowledge, consider that an agent may know
that a certain state of affairs is the case from the observation of a physical event
(e.g., a message input/output), yet not be able to prove her (propositional)
knowledge to the non-observers (e.g., an absent peer or judge) for lack of suffi- 
cient evidence (i.e., proof). Whereas in our epistemic explication of provability, 
provability possibly implies propositional knowledge, e.g., with the (individ- 
ual) knowledge of a proof, but propositional knowledge does not necessarily 
imply provability, e.g., without such a proof. The technical difference between 
the two philosophies may be subtle but nevertheless is serious (i.e., not a mere 
technicality) — especially for applications to truly distributed computer systems. 



1.4 Contribution & Roadmap
1.4.1 Contribution 

The contribution of this paper is a formal theory of knowledge transfer, i.e., the 
classical normal modal Logic of interactive Proofs (LiP), to be used to define 
the new paradigm of interactive computation via a classic construction due to 
Gödel-Kolmogorov-Artemov. More precisely, our main contributions are:



1. a constructive Kripke-semantics for LiP's proof modality (cf. Page 19)

2. a sound and complete axiomatisation for LiP (cf. Theorem 5)

3. a stateful notion of transmittable interactive proofs that

(a) are agent-centric generalisations of non-interactive proofs such that
the agents are, as said, still resource-unbounded with respect to
individual and thus also propositional knowledge

(b) have intuitive epistemic explications in that

i. they effectuate (cf. Section 2.1)

A. a persistent epistemic impact in their intended communities
of peer reviewers that consists in the induction of the
(propositional) knowledge of their proof goal by means of the
(individual) knowledge of the proof with the interpreting reviewer

B. a transfer of propositional knowledge (knowable facts) via
the transmission of certain individual knowledge (knowable
proofs) in multi-agent distributed systems

ii. the individual proof knowledge can be thought of as being
provided by an imaginary computation oracle (cf. Section 2.2)

(c) are falsifiable in a communal sense of Popper's (cf. Theorem HI)

(d) can be constructed with only two operations, namely pairing and
signing, and freely combined with other term operations (e.g.,
encryption)

(e) happen to have an information-theoretic explication in terms of Scott's
information systems (cf. Proposition 3)

4. a stateful notion of proof equality in an idempotent commutative monoid
capturing equality of epistemic impact (cf. Corollary 4)

5. a novel modal rule of logical modularity, called epistemic antitonicity, for
the class of justification logics [Art08a] including LP, which allows the
partial, or even total and thus modular generation of the structural modal
laws from the laws of a separate (e.g., application-specific) term theory
(cf. Page 11 and Section 3.2.1)



In sum, LiP is a minimal modular extension of propositional logic with 

1. an interactively generalised additional operator (the proof modality) 

2. a simplified and then interactively generalised 

(a) proof-term language (only two instead of three constructors, agents
as proof- as well as signature-checkers)

(b) constructive Kripke-semantics (including evidence-mapping absorp- 
tion and monotonicity-condition elimination). 

With our contribution, we mean to concur with [Mos06, Page viii], where

computation theory is viewed as part of the mathematics "to be 
founded," 

since Kripke-models such as ours for LiP — conceived as a foundation for in- 
teractive computation theory — are relational models of the meaning of modal 
languages in the language of set theory, which in turn [Mos06, Page vii]

is the official language of mathematics, just as mathematics is the 
official language of science. 

1.4.2 Roadmap 

In the next section, we introduce our Logic of interactive Proofs (LiP)
axiomatically by means of a compact closure operator that induces the Hilbert-style
proof system that we seek (cf. Proposition 1) and that allows the simple
generation of application-specific extensions of LiP (cf. Page 12). We then prove
some useful (further-used), deducible laws within the obtained system. Next,
we introduce the constructive semantics and the semantic interface for LiP. For
the construction of the semantics, we again make use of a closure operator, but
this time on sets of messages to be used as interactive proofs. In Section 2.1
we present the promised epistemic explication and in Section 2.2 the promised
oracle-computational explication of our interactive proofs. In Section 2.3 we
demonstrate the adequacy of our proof system and present our notion of proof
equality for LiP. Finally, we relate LiP to LP-like systems in Section 3.



2 Basic Logic of interactive Proofs 

The basic Logic of interactive Proofs (LiP) provides a modal formula language 
over a generic message term language. The formula language offers the propo- 
sitional constructors, a relational symbol ' k ' for constructing atomic proposi- 
tions about individual knowledge, and a parameterised unary modal constructor 
' : ' for propositions about proofs. The message language offers term construc- 
tors for message pairing and (not necessarily, but possibly cryptographically 
implemented) signing. (Cryptographic signature creation and verification is 
polynomial-time computable [Kat10].)

Definition 1 (The language of LiP). Let

• $\mathcal{A}$ designate a non-empty finite set of agent names $a$, $b$, $c$, etc.

• $\mathcal{C} \subseteq \mathcal{A}$ denote (finite and not necessarily disjoint) communities of agents
$a \in \mathcal{A}$ (referred to by their name)

• $\mathcal{M} \ni M ::= a \mid B \mid \{[M]\}_a \mid (M, M)$ designate our language of message
terms $M$ over $\mathcal{A}$ with (transmittable) agent names $a \in \mathcal{A}$,
application-specific data $B$ (left blank here), signed messages $\{[M]\}_a$, and message
pairs $(M, M)$

(Messages must be grammatically well-formed, which yields an induction
principle. So agent names $a$ are logical term constants, the meta-variable
$B$ just signals the possibility of an extended term language $\mathcal{M}$, $\{[\cdot]\}_a$ with
$a \in \mathcal{A}$ is a unary functional symbol, and $(\cdot, \cdot)$ a binary functional symbol.)

• $\mathcal{P}$ designate a denumerable set of propositional variables $P$ constrained
such that for all $a \in \mathcal{A}$ and $M \in \mathcal{M}$, $(a \,\mathsf{k}\, M) \in \mathcal{P}$ (for "a knows M") is a
distinguished variable, i.e., an atomic proposition, (for individual knowledge)

(So $a \,\mathsf{k}\, \cdot$ where $a \in \mathcal{A}$ is a unary relational symbol.)

• $\mathcal{L} \ni \phi ::= P \mid \neg\phi \mid \phi \land \phi \mid M :^{\mathcal{C}}_{a} \phi$ designate our language of logical formulas
$\phi$, where $M :^{\mathcal{C}}_{a} \phi$ means that "M is a $\mathcal{C} \cup \{a\}$-reviewable proof of $\phi$" in the
sense that "M can prove $\phi$ to $a$ (e.g., a designated verifying judge) and
this fact is commonly known in the (pointed) community $\mathcal{C} \cup \{a\}$ (e.g., for
$\mathcal{C}$ being a jury)."

LiP is defined by means of the following axiom and deduction-rule schemas.
Definition 2 (The axioms and deduction rules of LiP). Let

• $\Gamma_0$ designate an adequate set of axioms for classical propositional logic

• $\Gamma_1 := \Gamma_0 \cup \{$

- $a \,\mathsf{k}\, a$ (knowledge of one's own name string)

- $a \,\mathsf{k}\, M \to a \,\mathsf{k}\, \{[M]\}_a$ (personal [the same a] signature synthesis)

- $a \,\mathsf{k}\, \{[M]\}_b \to a \,\mathsf{k}\, (M, b)$ (universal [any a and b] signature analysis)

- $(a \,\mathsf{k}\, M \land a \,\mathsf{k}\, M') \leftrightarrow a \,\mathsf{k}\, (M, M')$ ([un]pairing)

- $(M :^{\mathcal{C}}_{a} (\phi \to \phi')) \to ((M' :^{\mathcal{C}}_{a} \phi) \to (M, M') :^{\mathcal{C}}_{a} \phi')$ (GK)

- $(M :^{\mathcal{C}}_{a} \phi) \to (a \,\mathsf{k}\, M \to \phi)$ (epistemic truthfulness)

- (Af :g 0) ^ A.scu{a} ( Mg ^b""^"^ k M A Af :g (peer review) 

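- $(M :^{\mathcal{C} \cup \mathcal{C}'}_{a} \phi) \to M :^{\mathcal{C}}_{a} \phi$ (group decomposition) $\}$
designate a set of axiom schemas.

Then, $\mathrm{LiP} := \mathrm{Cl}(\emptyset) := \bigcup_{n \in \mathbb{N}} \mathrm{Cl}^{n}(\emptyset)$, where for all $\Gamma \subseteq \mathcal{L}$:

$\mathrm{Cl}^{0}(\Gamma) := \Gamma_1 \cup \Gamma$

$\mathrm{Cl}^{n+1}(\Gamma) := \mathrm{Cl}^{n}(\Gamma) \cup$

$\{\, \phi' \mid \{\phi, \phi \to \phi'\} \subseteq \mathrm{Cl}^{n}(\Gamma) \,\} \cup$ (modus ponens)
$\{\, M :^{\mathcal{C}}_{a} \phi \mid \phi \in \mathrm{Cl}^{n}(\Gamma) \,\} \cup$ (necessitation)
$\{\, (M' :^{\mathcal{C}}_{a} \phi) \to M :^{\mathcal{C}}_{a} \phi \mid (a \,\mathsf{k}\, M \to a \,\mathsf{k}\, M') \in \mathrm{Cl}^{n}(\Gamma) \,\}$
(epistemic antitonicity).

We call LiP the base theory, and $\mathrm{Cl}(\Gamma)$ an LiP-theory for any $\Gamma \subseteq \mathcal{L}$.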

This article is about the base theory (the logic), as suggested by the article
title. Notice the logical order of LiP, which is, due to propositions about
(proofs of) propositions, higher-order propositional. Further, observe that we
assume the existence of a dependable mechanism for signing messages, which
we model with the above synthesis and analysis axioms. In trusted multi-agent
distributed systems, signatures are unforged, and thus such a mechanism is
trivially given by the inclusion of the sender's name in the sent message, or by the
sender's sensorial impression on the receiver when communication is immediate.
In distrusted multi-agent distributed systems (e.g., the open Internet), a
practically unforgeable signature mechanism can be implemented with classical
certificate-based or, more directly, with identity-based public-key cryptography
[Kat10]. We also assume the existence of a pairing mechanism modelling finite
sets. Such a mechanism is required by the important application of communication
(not only cryptographic) protocols [And08, Chapter 3], in which concatenation
of high-level data packets is associative, commutative, and idempotent.
As examples of application-specific data B we conceive of:

^"GK" abbreviates "Generalised Kripke-law".

Table 1: Some macro-definable proof concepts

(M is a C ∪ {a}-reviewable refutation of φ to a)

(M is a C ∪ {a}-reviewable proof diamond of φ to a)

:= (M:C0)V(M-C<^)   (M is a C ∪ {a}-reviewable decider of φ to a)

(M is a C ∪ {a}-reviewable non-decider of φ to a)


• atomic data other than agent names such as random numbers (systematically
used in cryptographic communication), quoted formulas $\ulcorner\phi\urcorner$ (e.g.,
the Gödel-number of $\phi$ in some Gödel-numbering scheme) and others;

• compound data such as

- hashed data $[M]$, for $M \in \mathcal{M}$ and with axiom $a \,\mathsf{k}\, M \to a \,\mathsf{k}\, [M]$

- encrypted data $[M]_{M'}$, for plaintext data $M \in \mathcal{M}$ and data used as
an encryption key $M' \in \mathcal{M}$, and with axioms

* $a \,\mathsf{k}\, (M, M') \to a \,\mathsf{k}\, [M]_{M'}$ (encryption)

* $a \,\mathsf{k}\, ([M]_{M'}, M') \to a \,\mathsf{k}\, M$ (decryption)

This is the so-called Dolev-Yao conception of cryptography [DY83],
which we could easily cast as the following LiP-theory



Now note the following macro-definitions: $\top := a \,\mathsf{k}\, a$, $\bot := \neg\top$,
$\phi \lor \phi' := \neg(\neg\phi \land \neg\phi')$, $\phi \to \phi' := \neg\phi \lor \phi'$,
$\phi \leftrightarrow \phi' := (\phi \to \phi') \land (\phi' \to \phi)$, and,
more interestingly those in Table 1. Variations on our notions of interactive
proof can also be macro-defined, e.g., with respect to reviewer communities (by
conjunction with respect to their members and based on a policy of either one
[dis]proof for all members or one [dis]proof for each member) and with respect
to exclusive communities (with respect to members only).

^Quotation is a form of type down-casting in the sense that data viewed as compound at a
certain logical level (here, at the formula-language level) is viewed as atomic at a lower level
(here, at the term-language level), and thus is a form of encoding meta-data (here, statements
about messages) in object data (here, messages).

^Cryptographic hash functions are one-way functions with certain cryptographically
interesting properties such as collision and pre-image resistance.

^The integration of other conceptions such as the classical information-theoretic [Sha49]
and the modern complexity-theoretic [Gol01, Gol04] will be presented in future work.

^The problem of defining interactive refutations was suggested to me by Rajeev Goré.

We could also conceive of term forms, i.e., terms containing free variables
(data place holders) $x \in \mathcal{X}$ in appropriate places, where $\mathcal{X}$ would
designate a countably infinite set of variables. However, in order to keep the
introduction of our logic as simple as possible and as complicated as necessary, we
do not officially introduce term forms here but content ourselves with stating
the following reasonable axiom schemas for the treatment of free variables:

• $a \,\mathsf{k}\, M[M'/x] \to a \,\mathsf{k}\, M(x)$ (unplugging)

• $a \,\mathsf{k}\, (M(x), M') \to a \,\mathsf{k}\, M[M'/x]$ (plugging),

where $M[M'/x]$ designates the simultaneous substitution of the term form $M'$
for all free occurrences of the term variable $x$ in the term form $M$. Of course,
one could introduce instead term-variable binders ($\lambda$-abstractors) [HS08] and
work with bound variables, in order to make the function character of term
forms explicit.

Finally, we could close individual knowledge under an equational theory
defined by atomic propositions $(M = M') \in \mathcal{P}$, by adding the axiom schema

$(a \,\mathsf{k}\, M \land M = M') \to a \,\mathsf{k}\, M'$ (equational closure).
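The term axioms of Definition 2 (own name, signature synthesis and analysis, pairing) together with the hash and Dolev-Yao encryption axioms above can be run as a decision procedure for individual knowledge. The following is an added example, not code from the paper: the tuple encoding of terms and all function names are assumptions made for illustration. It decides whether "a knows M" follows from an agent's initial messages, and `entails` checks the premise of epistemic antitonicity from the term axioms alone.

```python
# Message terms as nested tuples (constructed encoding, not the paper's notation).
def name(a):    return ("name", a)        # agent name a
def data(d):    return ("data", d)        # atomic application-specific data B
def sig(m, a):  return ("sig", m, a)      # message m signed by agent a
def pair(m, n): return ("pair", m, n)     # message pair (m, n)
def enc(m, k):  return ("enc", m, k)      # m encrypted under the key term k
def hsh(m):     return ("hash", m)        # hash of m


def can_build(agent, known, goal):
    """Synthesis axioms: can `agent` compose `goal` from the terms in `known`?"""
    if goal in known or goal == name(agent):       # includes "a knows a"
        return True
    tag = goal[0]
    if tag in ("pair", "enc"):                     # pairing; encryption needs text and key
        return all(can_build(agent, known, part) for part in goal[1:])
    if tag == "sig":                               # personal synthesis: own signature only
        return goal[2] == agent and can_build(agent, known, goal[1])
    if tag == "hash":
        return can_build(agent, known, goal[1])
    return False                                   # agents cannot guess unknown atoms


def analyse(agent, initial):
    """Analysis axioms: close `initial` under unpairing, signature analysis, decryption."""
    known = set(initial) | {name(agent)}
    changed = True
    while changed:                                 # terminates: only subterms are added
        changed = False
        for term in list(known):
            tag = term[0]
            if tag == "pair":
                parts = {term[1], term[2]}
            elif tag == "sig":                     # yields the content and the signer's name
                parts = {term[1], name(term[2])}
            elif tag == "enc" and can_build(agent, known, term[2]):
                parts = {term[1]}                  # decryption needs the key
            else:
                parts = set()                      # hashes and atoms reveal nothing
            if not parts <= known:
                known |= parts
                changed = True
    return known


def knows(agent, initial, goal):
    """Decide "agent knows goal" from the initial messages under the term axioms."""
    return can_build(agent, analyse(agent, initial), goal)


def entails(agent, m, m2):
    """Premise of epistemic antitonicity: knowing m yields knowing m2."""
    return knows(agent, [m], m2)


NONCE, KEY = data("nonce"), data("key")            # constructed sample atoms


def run_examples():
    return {
        "pair commutes": knows("a", [pair(NONCE, KEY)], pair(KEY, NONCE)),
        "own signature": knows("a", [NONCE], sig(NONCE, "a")),
        "forge b's signature": knows("a", [NONCE, name("b")], sig(NONCE, "b")),
        "read b's signed text": knows("a", [sig(NONCE, "b")], pair(NONCE, name("b"))),
        "decrypt without key": knows("a", [enc(NONCE, KEY)], NONCE),
        "decrypt with signed key": knows("a", [enc(NONCE, KEY), sig(KEY, "b")], NONCE),
        "invert hash": knows("a", [hsh(NONCE)], NONCE),
        "pair entails component": entails("a", pair(NONCE, KEY), NONCE),
        "component entails pair": entails("a", NONCE, pair(NONCE, KEY)),
    }


if __name__ == "__main__":
    for label, result in run_examples().items():
        print(f"{label}: {result}")
```

When `entails(a, M, M2)` holds, epistemic antitonicity turns any proof `M2` into a proof `M`, which is how a pair extends a proof given by one of its components.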

Note that in the sequel, ":iff" abbreviates "by definition, if and only if". 
Logicians may want to skip the following proposition. 

Proposition 1 (Hilbcrt-style proof system). Let 

$ ^LiP :iff if^Q LiP then <j) e LiP 
(/> +UP <i> '-if! {<i>\ l-LiP (/>' and {(/)'} hLip 
I^LiP '-if! I^LiP 0- 

In other words, hup x C is a system of closure conditions in the sense of 
lTay9S\ Definition 3.7.4]- Por example: 

1. for all axioms G Fi, hLip (j) 

2. for modus ponens, {0, 4> 0'} Klip 

3. for necessitation, {(j)} hup -A/ :^ (j) 

4- for epistemic antitonicity , {a kM — > a kAI'} Klip (Af :^ 0) — > M :^ <j). 

(In the space-saving, horizontal Hilbert-notation "$ Klip (j)", $ is not a set of 
hypotheses but a set of premises, see for example modus ponens, necessitation, 
and epistemic antitonicity^^ 

^'^So for example modus ponens can be presented on one line and even in-line as {</>, <^ — >■ 
<l>'} I^LiP <!>' rather than on two display lines as 
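Then $\vdash_{\mathrm{LiP}}$ can be viewed as being defined by a $\mathrm{Cl}$-induced Hilbert-style proof
system. In fact $\mathrm{Cl} : 2^{\mathcal{L}} \rightarrow 2^{\mathcal{L}}$ is a standard consequence operator, i.e., a
substitution-invariant compact closure operator:

1. $\Gamma \subseteq \mathrm{Cl}(\Gamma)$ (extensivity)

2. if $\Gamma \subseteq \Gamma'$ then $\mathrm{Cl}(\Gamma) \subseteq \mathrm{Cl}(\Gamma')$ (monotonicity)

3. $\mathrm{Cl}(\mathrm{Cl}(\Gamma)) \subseteq \mathrm{Cl}(\Gamma)$ (idempotency)

4. $\mathrm{Cl}(\Gamma) = \bigcup_{\Gamma' \in 2^{\Gamma}_{\text{finite}}} \mathrm{Cl}(\Gamma')$ (compactness)

5. $\sigma[\mathrm{Cl}(\Gamma)] \subseteq \mathrm{Cl}(\sigma[\Gamma])$ (substitution invariance),

where $\sigma$ designates an arbitrary propositional $\mathcal{L}$-substitution.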

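Proof. That a Hilbert-style proof system can be viewed as induced by a compact
closure operator is well-known (e.g., see [Gab95]); that $\mathrm{Cl}$ is indeed such an
operator can be verified by inspection of the inductive definition of $\mathrm{Cl}$; and
substitution invariance follows from our definitional use of axiom schemas.
(Alternatively to axiom schemas, we could have used axioms together with an additional
substitution-rule set $\{ \sigma[\phi] \mid \phi \in \mathrm{Cl}^n(\Gamma) \}$ in the definiens of $\mathrm{Cl}^{n+1}(\Gamma)$.) □

We are going to present some useful (further-used), deducible structural laws
of LiP, including the deducible non-structural rule of epistemic bitonicity, used in
the deduction of some of them. Here, "structural" means "deduced exclusively
from term axioms." The laws are enumerated in a (total) order that respects
(but cannot reflect) their respective proof prerequisites.

Theorem 1 (Some useful deducible structural laws).

1. $\vdash_{\mathrm{LiP}} a \mathrel{\mathsf{k}} (M, M') \rightarrow a \mathrel{\mathsf{k}} M$ (left projection, 1-way K-combinator property)

2. $\vdash_{\mathrm{LiP}} a \mathrel{\mathsf{k}} (M, M') \rightarrow a \mathrel{\mathsf{k}} M'$ (right projection)

3. $\vdash_{\mathrm{LiP}} a \mathrel{\mathsf{k}} (M, M) \leftrightarrow a \mathrel{\mathsf{k}} M$ (pairing idempotency)

4. $\vdash_{\mathrm{LiP}} a \mathrel{\mathsf{k}} (M, M') \leftrightarrow a \mathrel{\mathsf{k}} (M', M)$ (pairing commutativity)

5. $\vdash_{\mathrm{LiP}} (a \mathrel{\mathsf{k}} M \rightarrow a \mathrel{\mathsf{k}} M') \leftrightarrow (a \mathrel{\mathsf{k}} (M, M') \leftrightarrow a \mathrel{\mathsf{k}} M)$ (neutral pair elements)

6. $\vdash_{\mathrm{LiP}} a \mathrel{\mathsf{k}} (M, a) \leftrightarrow a \mathrel{\mathsf{k}} M$ (self-neutral pair element)

7. $\vdash_{\mathrm{LiP}} a \mathrel{\mathsf{k}} (M, (M', M'')) \leftrightarrow a \mathrel{\mathsf{k}} ((M, M'), M'')$ (pairing associativity)

8. $\{a \mathrel{\mathsf{k}} M \leftrightarrow a \mathrel{\mathsf{k}} M'\} \vdash_{\mathrm{LiP}} (M :_a^{\mathcal{C}} \phi) \leftrightarrow M' :_a^{\mathcal{C}} \phi$ (epistemic bitonicity)

9. $\vdash_{\mathrm{LiP}} (M :_a^{\mathcal{C}} \phi) \rightarrow (M', M) :_a^{\mathcal{C}} \phi$ (proof extension, left)

10. $\vdash_{\mathrm{LiP}} (M :_a^{\mathcal{C}} \phi) \rightarrow (M, M') :_a^{\mathcal{C}} \phi$ (proof extension, right)

11. $\vdash_{\mathrm{LiP}} ((M :_a^{\mathcal{C}} \phi) \lor M' :_a^{\mathcal{C}} \phi) \rightarrow (M, M') :_a^{\mathcal{C}} \phi$ (proof extension)

12. $\vdash_{\mathrm{LiP}} ((M, M) :_a^{\mathcal{C}} \phi) \leftrightarrow M :_a^{\mathcal{C}} \phi$ (proof idempotency)

13. $\vdash_{\mathrm{LiP}} ((M, M') :_a^{\mathcal{C}} \phi) \leftrightarrow (M', M) :_a^{\mathcal{C}} \phi$ (proof commutativity)

14. $\{a \mathrel{\mathsf{k}} M \rightarrow a \mathrel{\mathsf{k}} M'\} \vdash_{\mathrm{LiP}} ((M, M') :_a^{\mathcal{C}} \phi) \leftrightarrow M :_a^{\mathcal{C}} \phi$ (neutral proof elements)

15. $\vdash_{\mathrm{LiP}} ((M, a) :_a^{\mathcal{C}} \phi) \leftrightarrow M :_a^{\mathcal{C}} \phi$ (self-neutral proof element)

16. $\vdash_{\mathrm{LiP}} ((M, (M', M'')) :_a^{\mathcal{C}} \phi) \leftrightarrow ((M, M'), M'') :_a^{\mathcal{C}} \phi$ (proof associativity)

17. $\vdash_{\mathrm{LiP}} (\{[M]\}_a :_a^{\mathcal{C}} \phi) \rightarrow M :_a^{\mathcal{C}} \phi$ (self-signing elimination)

18. $\vdash_{\mathrm{LiP}} ((M :_a^{\mathcal{C}} \phi) \lor b :_a^{\mathcal{C}} \phi) \rightarrow \{[M]\}_b :_a^{\mathcal{C}} \phi$ (signing introduction)

19. $\vdash_{\mathrm{LiP}} (\{[M]\}_a :_a^{\mathcal{C}} \phi) \leftrightarrow M :_a^{\mathcal{C}} \phi$ (self-signing idempotency)

20. When $\mathcal{A} = \{a\}$ (singleton society):

(a) $\vdash_{\mathrm{LiP}} a \mathrel{\mathsf{k}} M$ (total knowledge)

(b) $\vdash_{\mathrm{LiP}} a \mathrel{\mathsf{k}} M \leftrightarrow a \mathrel{\mathsf{k}} M'$ (epistemic indifference)

(c) $\vdash_{\mathrm{LiP}} (M :_a^{\mathcal{C}} \phi) \leftrightarrow M' :_a^{\mathcal{C}} \phi$ (proof indifference).

Proof. See Appendix B.1. □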

Proof extension and idempotency jointly define proof redundancy. Then, for the
cases where $\mathcal{A} = \{a\}$, bear in mind that $\mathcal{M}$ is a function of $\mathcal{A}$, and that LiP
has been designed for truly interactive cases, i.e., cases where $|\mathcal{A}| > 1$, and not
for non-interactive or degenerately interactive cases, i.e., cases where $|\mathcal{A}| = 1$.
So when $\mathcal{A} = \{a\}$, $\mathcal{M}$ is actually strictly smaller than when $\mathcal{A} \supsetneq \{a\}$!
In particular when $|\mathcal{A}| > 1$, obviously neither total knowledge nor epistemic
indifference holds, nor does proof indifference hold. For the fortunate failure of
proof indifference when $|\mathcal{A}| > 1$, consider the following doubly minimal counter-example.
Without loss of generality, let $\mathcal{A} := \{a, b\}$ such that $a \neq b$. Then
$\vdash_{\mathrm{LiP}} b :_a^{\emptyset} a \mathrel{\mathsf{k}} b$ (instance of self-knowledge, cf. Theorem 2), but
$\not\vdash_{\mathrm{LiP}} a :_a^{\emptyset} a \mathrel{\mathsf{k}} b$ intuitively, and also formally.
Just imagine a state in which $a$ does not know $b$'s name string,
cf. Definitions 3 and 4; then giving her her own name string, which she already
knows anyway, will not make her know $b$'s; and then apply the contraposition
of axiomatic soundness, cf. Theorem 5. The counter-example is doubly minimal
in the sense that both the involved proof terms ($a$ and $b$ are atomic terms)
as well as the involved proof goal ($a \mathrel{\mathsf{k}} b$ is an atomic proposition about atomic
terms) are minimal. Note that we could of course conceive LiP without the
$a \mathrel{\mathsf{k}} a$-axiom for some or even all $a \in \mathcal{A}$ and arbitrary $\mathcal{A}$. In particular when
$\mathcal{A} = \{a\}$, excluding $a \mathrel{\mathsf{k}} a$ from $\Gamma_1$ definitely makes sense, since agent names really
make sense only for non-empty non-singleton societies. In such a system, say
$\mathrm{LiP}^-$, obviously none of the singleton-society laws of LiP would hold for $a$, and
thus also non-interactive, singleton-society examples (e.g., Kripke's Red Barn
Example in [Art08a]) could be faithfully formalised. The price to pay for $\mathrm{LiP}^-$
would be, first, the failure of the following laws: self-neutral pair element,
self-neutral proof element, and, cf. Theorem 2, self-truthfulness, the left implication
of self-truthfulness bis, own name strings cannot prove falsehood, and own name
strings are consistent proofs; and thus, second, the impoverishment of the
proof-term structure from an idempotent commutative monoid (cf. Corollary 4) to an
idempotent commutative semigroup (loss of the neutral element). (The failure
of these laws does not imply that their negation succeeds, because LiP-like
theories are negation-incomplete, cf. Section 2.3.) However, how this price is
appreciated eventually depends on the considered application. For example,
the failure of self-truthfulness could even be considered desirable: if we were to
exclude $a \mathrel{\mathsf{k}} a$ from $\Gamma_1$, we would actually exclude $(M :_a^{\mathcal{C}} \phi) \rightarrow \phi$ from being a
theorem in the resulting logical system $\mathrm{LiP}^-$ for all $M \in \mathcal{M}$, like in the
Gödel-Löb Logic of (non-interactive) Provability GL [JdJ98, AB05]. Next, the 1-way
K-combinator property and the following simple corollary of Theorem 1 jointly
establish the fact that our agents can be viewed as combinators in the sense of
combinatory logic (CL) viewed as a (non-equational) theory of term reduction
[HS08]. (The converse of the K-combinator property does not hold.)

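Corollary 1 (S-combinator property).

1. $\vdash_{\mathrm{LiP}} a \mathrel{\mathsf{k}} ((M, M'), M'') \leftrightarrow a \mathrel{\mathsf{k}} (M, (M'', (M', M'')))$

2. $\vdash_{\mathrm{LiP}} (((M, M'), M'') :_a^{\mathcal{C}} \phi) \leftrightarrow (M, (M'', (M', M''))) :_a^{\mathcal{C}} \phi$

Proof. 1 follows jointly from idempotency (copy $M''$), commutativity, and
associativity of pairing; and 2 follows jointly from 1 and epistemic bitonicity. □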

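Note that thanks to the modular set-up of LiP, epistemic antitonicity would
equally easily yield the application-specific modal laws for:

• hashing: $([M] :_a^{\mathcal{C}} \phi) \rightarrow M :_a^{\mathcal{C}} \phi$

• encryption: $([M]_{M'} :_a^{\mathcal{C}} \phi) \rightarrow (M, M') :_a^{\mathcal{C}} \phi$

• decryption: $(M :_a^{\mathcal{C}} \phi) \rightarrow ([M]_{M'}, M') :_a^{\mathcal{C}} \phi$

• plugging: $(M[M'/x] :_a^{\mathcal{C}} \phi) \rightarrow (M(x), M') :_a^{\mathcal{C}} \phi$

• unplugging: $(M(x) :_a^{\mathcal{C}} \phi) \rightarrow M[M'/x] :_a^{\mathcal{C}} \phi$.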

We are going to present also some useful (further-used), deducible logical
laws of LiP. Here, "logical" means "not structural" in the previously defined
sense. Also these laws are enumerated in an order that respects their respective
proof prerequisites.

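Theorem 2 (Some useful deducible logical laws).

1. $\vdash_{\mathrm{LiP}} (M :_a^{\mathcal{C}} (\phi \rightarrow \phi')) \rightarrow ((M :_a^{\mathcal{C}} \phi) \rightarrow M :_a^{\mathcal{C}} \phi')$ (Kripke's law, K)

2. $\{\phi \rightarrow \phi'\} \vdash_{\mathrm{LiP}} (M :_a^{\mathcal{C}} \phi) \rightarrow M :_a^{\mathcal{C}} \phi'$ (regularity)

3. $\{\phi \leftrightarrow \phi'\} \vdash_{\mathrm{LiP}} (M :_a^{\mathcal{C}} \phi) \leftrightarrow M :_a^{\mathcal{C}} \phi'$ (regularity bis)

4. $\{a \mathrel{\mathsf{k}} M \rightarrow a \mathrel{\mathsf{k}} M', \phi \rightarrow \phi'\} \vdash_{\mathrm{LiP}} (M' :_a^{\mathcal{C}} \phi) \rightarrow M :_a^{\mathcal{C}} \phi'$ (epistemic regularity)

5. $\{a \mathrel{\mathsf{k}} M \leftrightarrow a \mathrel{\mathsf{k}} M', \phi \leftrightarrow \phi'\} \vdash_{\mathrm{LiP}} (M' :_a^{\mathcal{C}} \phi) \leftrightarrow M :_a^{\mathcal{C}} \phi'$ (epistemic regularity bis)

6. $\vdash_{\mathrm{LiP}} ((M :_a^{\mathcal{C}} \phi) \land M' :_a^{\mathcal{C}} \phi') \rightarrow (M, M') :_a^{\mathcal{C}} (\phi \land \phi')$ (proof conjunctions)

7. $\vdash_{\mathrm{LiP}} ((M :_a^{\mathcal{C}} \phi) \land M :_a^{\mathcal{C}} \phi') \leftrightarrow M :_a^{\mathcal{C}} (\phi \land \phi')$ (proof conjunctions bis)

8. $\vdash_{\mathrm{LiP}} ((M :_a^{\mathcal{C}} \phi) \lor M' :_a^{\mathcal{C}} \phi') \rightarrow (M, M') :_a^{\mathcal{C}} (\phi \lor \phi')$ (proof disjunctions)

9. $\vdash_{\mathrm{LiP}} ((M :_a^{\mathcal{C}} \phi) \lor M :_a^{\mathcal{C}} \phi') \rightarrow M :_a^{\mathcal{C}} (\phi \lor \phi')$ (proof disjunctions bis)

10. $\vdash_{\mathrm{LiP}} M :_a^{\mathcal{C}} \top$ (anything can prove tautological truth)

11. $\vdash_{\mathrm{LiP}} (a :_a^{\mathcal{C}} \phi) \rightarrow \phi$ (self-truthfulness)

12. $\phi \dashv\vdash_{\mathrm{LiP}} a :_a^{\mathcal{C}} \phi$ (self-truthfulness bis)

13. $\vdash_{\mathrm{LiP}} a \mathrel{\mathsf{k}} M \rightarrow \neg(M :_a^{\mathcal{C}} \bot)$ (nothing known can prove falsehood)

14. $\vdash_{\mathrm{LiP}} \neg(a :_a^{\mathcal{C}} \bot)$ (own name strings cannot prove falsehood)

15. $\vdash_{\mathrm{LiP}} a \mathrel{\mathsf{k}} M \rightarrow ((M :_a^{\mathcal{C}} \phi) \rightarrow \neg(M :_a^{\mathcal{C}} \neg\phi))$ (epistemic proof consistency)

16. $\vdash_{\mathrm{LiP}} (a :_a^{\mathcal{C}} \phi) \rightarrow \neg(a :_a^{\mathcal{C}} \neg\phi)$ (own name strings are consistent proofs)

17. $\vdash_{\mathrm{LiP}} \{[M]\}_b :_a^{\mathcal{C}} b \mathrel{\mathsf{k}} M$ (authentic knowledge)

18. $\vdash_{\mathrm{LiP}} M :_a^{\mathcal{C}} a \mathrel{\mathsf{k}} M$ (self-knowledge)

19. $\vdash_{\mathrm{LiP}} (M :_a^{\mathcal{C}} \phi) \rightarrow \bigwedge_{b \in \mathcal{C} \cup \{a\}} (\{[M]\}_a :_b^{\mathcal{C} \cup \{a\}} \phi)$ (simple peer review)

20. $\vdash_{\mathrm{LiP}} (M :_a^{\mathcal{C} \cup \mathcal{C}'} \phi) \rightarrow ((M :_a^{\mathcal{C}} \phi) \land M :_a^{\mathcal{C}'} \phi)$ (group decomposition bis)

21. $\vdash_{\mathrm{LiP}} (M :_a^{\mathcal{C} \cup \{a\}} \phi) \leftrightarrow (M :_a^{\mathcal{C}} \phi)$ (self-neutral group element)

22. $\vdash_{\mathrm{LiP}} M :_a^{\mathcal{C}} ((M :_a^{\mathcal{C}} \phi) \rightarrow \phi)$ (self-proof of truthfulness)

23. $\vdash_{\mathrm{LiP}} M :_a^{\mathcal{C}} (\neg(M :_a^{\mathcal{C}} \bot))$ (self-proof of proof consistency)

24. $\vdash_{\mathrm{LiP}} (M :_a^{\mathcal{C}} \phi) \rightarrow M :_a^{\mathcal{C}} (\bigwedge_{b \in \mathcal{C} \cup \{a\}} (\{[M]\}_a :_b^{\mathcal{C} \cup \{a\}} \phi))$ (simple peer review bis)

25. $\vdash_{\mathrm{LiP}} (M :_a^{\mathcal{C}} (M :_a^{\mathcal{C}} \phi)) \leftrightarrow M :_a^{\mathcal{C}} \phi$ (modal idempotency)

26. When $\mathcal{A} = \{a\}$ (singleton society):

(a) $\vdash_{\mathrm{LiP}} \neg(M :_a^{\mathcal{C}} \bot)$ (nothing can prove falsehood)

(b) $\vdash_{\mathrm{LiP}} (M :_a^{\mathcal{C}} \phi) \rightarrow \phi$ (truthfulness)

(c) $\vdash_{\mathrm{LiP}} (M :_a^{\mathcal{C}} \phi) \rightarrow \neg(M :_a^{\mathcal{C}} \neg\phi)$ (proof consistency).

Proof. See Appendix B.2. □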



Kripke's law and the law of modal idempotency are discussed in Section 3.2.2.
The key to their validity is that LiP-agents are resource-unbounded (though
are unable to guess) and act themselves as proof checkers (no need for LP's
'!'). Notice that regularity and epistemic antitonicity resemble each other in
that both laws relate an implicational premise with an implicational conclusion
about proof modalities, but while regularity relates the modality operands
monotonically, epistemic antitonicity relates the proof parameters antitonically.
Both laws are combined in the law of epistemic regularity. The law that nothing
known can prove falsehood and the law of epistemic proof consistency, which
both result through proof from epistemic truthfulness, might raise doubt about
the consistency of LiP. If so, Corollary 3 will dispel this doubt.

Corollary 2 (Normality). LiP is a normal modal logic.

Proof. Jointly by Kripke's law (cf. Theorem 2), modus ponens (by definition),
necessitation (by definition), and substitution invariance (cf. Proposition 1). □

In contrast, LP is, technically speaking, not a normal modal logic [Art07, Section 5].

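Definition 3 (Semantic ingredients). For the constructive model-theoretic study
of LiP, let

• $\mathcal{S}$ designate the state space — a set of system states $s$

• $\mathrm{msgs}_a : \mathcal{S} \rightarrow 2^{\mathcal{M}}$ designate a raw-data extractor that extracts (without
analysing) the (finite) set of messages from a system state $s$ that $a$ has
either generated (assuming that only $a$ can generate $a$'s signature) or else
received as such (not only as a strict subterm of another message); that
is, $\mathrm{msgs}_a(s)$ is $a$'s data base in $s$

• $\mathrm{cl}_a^s : 2^{\mathcal{M}} \rightarrow 2^{\mathcal{M}}$ designate a data-mining operator such that
$\mathrm{cl}_a^s(\mathcal{D}) := \mathrm{cl}_a(\mathrm{msgs}_a(s) \cup \mathcal{D}) := \bigcup_{n \in \mathbb{N}} \mathrm{cl}_a^n(\mathrm{msgs}_a(s) \cup \mathcal{D})$, where for all $\mathcal{D} \subseteq \mathcal{M}$:

$\mathrm{cl}_a^0(\mathcal{D}) := \{a\} \cup \mathcal{D}$

$\mathrm{cl}_a^{n+1}(\mathcal{D}) := \mathrm{cl}_a^n(\mathcal{D}) \cup$

$\{ (M, M') \mid \{M, M'\} \subseteq \mathrm{cl}_a^n(\mathcal{D}) \} \cup$ (pairing)

$\{ M, M' \mid (M, M') \in \mathrm{cl}_a^n(\mathcal{D}) \} \cup$ (unpairing)

$\{ \{[M]\}_a \mid M \in \mathrm{cl}_a^n(\mathcal{D}) \} \cup$ (personal signature synthesis)

$\{ M \mid \{[M]\}_b \in \mathrm{cl}_a^n(\mathcal{D}) \}$ (universal signature analysis)

($\mathrm{cl}_a^s(\emptyset)$ can be viewed as $a$'s individual-knowledge base in $s$. For
application-specific terms such as encryption, we would have to add here the closure
conditions corresponding to their characteristic term axioms.)

• $\sqsubseteq_a \subseteq \mathcal{S} \times \mathcal{S}$ designate a data preorder on states such that for all $s, s' \in \mathcal{S}$,
$s \sqsubseteq_a s'$ :iff $\mathrm{cl}_a^s(\emptyset) \subseteq \mathrm{cl}_a^{s'}(\emptyset)$

(The reader is invited to consider the effects of encryption on closure here.)

• $\sqsubseteq_{\mathcal{C}} := (\bigcup_{a \in \mathcal{C}} \sqsubseteq_a)^{*}$, where '$*$' designates the Kleene (i.e., the reflexive
transitive) closure operation on binary relations

• $\equiv_a := \sqsubseteq_a \cap (\sqsubseteq_a)^{-1}$ designate an equivalence relation of state
indistinguishability, where '$^{-1}$' designates the converse operation on binary relations

• ${}_M\mathrm{R}_a^{\mathcal{C}} \subseteq \mathcal{S} \times \mathcal{S}$ designate our concretely constructed accessibility relation —
short, concrete accessibility — for the proof modality so that for all $s, s' \in \mathcal{S}$,

$s \mathrel{{}_M\mathrm{R}_a^{\mathcal{C}}} s'$ :iff $s' \in \bigcup_{s \sqsubseteq_{\mathcal{C} \cup \{a\}} \tilde{s} \text{ and } M \in \mathrm{cl}_a^{\tilde{s}}(\emptyset)} [\tilde{s}]_{\equiv_a}$ (1)

(iff there is $\tilde{s} \in \mathcal{S}$ s.t. $s \sqsubseteq_{\mathcal{C} \cup \{a\}} \tilde{s}$ and $M \in \mathrm{cl}_a^{\tilde{s}}(\emptyset)$ and $\tilde{s} \equiv_a s'$)

(See Section 2.1 for an extensive explication of this elementary construction.)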

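Proposition 2 (Data closure). $\mathrm{cl}_a^s : 2^{\mathcal{M}} \rightarrow 2^{\mathcal{M}}$ is a compact closure operator:

1. $\mathcal{D} \subseteq \mathrm{cl}_a^s(\mathcal{D})$ (extensivity)

2. if $\mathcal{D} \subseteq \mathcal{D}'$ then $\mathrm{cl}_a^s(\mathcal{D}) \subseteq \mathrm{cl}_a^s(\mathcal{D}')$ (monotonicity)

3. $\mathrm{cl}_a^s(\mathrm{cl}_a^s(\mathcal{D})) \subseteq \mathrm{cl}_a^s(\mathcal{D})$ (idempotency)

4. $\mathrm{cl}_a^s(\mathcal{D}) = \bigcup_{\mathcal{D}' \in 2^{\mathcal{D}}_{\text{finite}}} \mathrm{cl}_a^s(\mathcal{D}')$ (compactness).

Proof. By inspection of the inductive definition of $\mathrm{cl}_a^s$. □

The operator $\mathrm{cl}_a^s$ induces a relation $\vdash_a^s \subseteq 2^{\mathcal{M}} \times \mathcal{M}$ of data derivation such that

$\mathcal{D} \vdash_a^s M$ :iff $M \in \mathrm{cl}_a^s(\mathcal{D})$.

Hence, an agent $a$ can be viewed as a data miner who mines the data $\mathcal{D}$ by
means of the [SD08, association] rules for pairing and signing (and possibly
other, application-specific constructors) that define the closure operator $\mathrm{cl}_a^s$.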

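Proposition 3 (Data derivation).

Cut If $\mathcal{D} \vdash_a^s M$ and $\{M\} \vdash_a^s M'$ then $\mathcal{D} \vdash_a^s M'$.

Compactness If $\mathcal{D} \vdash_a^s M$ then there is a finite $\mathcal{D}' \subseteq \mathcal{D}$ such that $\mathcal{D}' \vdash_a^s M$.

Complexity For all finite $\mathcal{D} \subseteq \mathcal{M}$, "$\mathcal{D} \vdash_a^s M$" is decidable in deterministic
polynomial time in the size of $\mathcal{D}$ and $M$.

Connection to Scott information systems Let for all $a \in \mathcal{A}$, $s \in \mathcal{S}$, and
$\mathcal{D} \subseteq \mathcal{M}$,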

Ci{V) CP I c\liV')^V' }. 

Further, let 

Con^ := '^'finite- 

Then, 

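is a Scott information system, i.e., for all $M \in \mathcal{M}$, $\mathcal{D} \in \mathrm{Con}_a^s$, and
$\mathcal{D}' \subseteq \mathcal{M}$:

1. $\{M\} \in \mathrm{Con}_a^s$

2. if $M \in \mathcal{D}$ then $\mathcal{D} \vdash_a^s M$

3. if $\mathcal{D}' \subseteq \mathcal{D}$ then $\mathcal{D}' \in \mathrm{Con}_a^s$

4. if $\mathcal{D} \vdash_a^s M$ then $\mathcal{D} \cup \{M\} \in \mathrm{Con}_a^s$

5. if $\mathcal{D}' \in \mathrm{Con}_a^s$ and $\mathcal{D} \vdash_a^s \mathcal{D}'$ and $\mathcal{D}' \vdash_a^s M$ then $\mathcal{D} \vdash_a^s M$, where
$\mathcal{D} \vdash_a^s \mathcal{D}'$ :iff for all $M' \in \mathcal{D}'$, $\mathcal{D} \vdash_a^s M'$.

(Message terms are information tokens in the sense of Dana Scott [DP02,
Chapter 9].)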

Proof. The cut and the compactness property follow by inspection of the defining
cases of $\mathrm{cl}_a^s$. The complexity follows from the complexity of message derivation
for even more complex message languages (e.g., including encryption and
other constructors [TGD10]). Regarding the connection to Scott information
systems: Property 1 follows from the fact that {M} e 2^;^^, and M G C^iM), 
Property 2 from the definition of $\vdash_a^s$, Property 3 from the powerset construction,
Property 4 from the definition of $\vdash_a^s$, and Property 5 jointly from the finiteness
of $\mathcal{D}'$ (which can be transformed into a message pair [of pairs]) and the cut
property of $\vdash_a^s$. □
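The closure of Definition 3 and the polynomial-time decision of data derivation claimed in Proposition 3 can be made concrete as follows; this is an added example, not code from the paper. The tuple encoding of terms and all function names are assumptions of the example, and signature analysis here yields both the content and the signer's name, following the schema "a k {[M]}_b → a k (M, b)" listed in Proposition 6.

```python
"""Decide M in cl_a^s(D) for the pairing/signing message language.

Constructed term encoding (an assumption of this example, not the paper's):
  atom       str                   agent name or raw datum
  pair       ("pair", M1, M2)      the paper's (M, M')
  signature  ("sig", M, signer)    the paper's {[M]}_signer
"""


def pair(left, right):
    return ("pair", left, right)


def sig(content, signer):
    return ("sig", content, signer)


def analyse(agent, terms):
    """Saturate {agent} | terms under unpairing and universal signature analysis.

    Every term added is a subterm of the input, so the work list empties after
    at most as many additions as the input has subterms (polynomial time).
    """
    known = {agent} | set(terms)
    todo = list(known)
    while todo:
        term = todo.pop()
        if not isinstance(term, tuple):
            continue                      # atoms cannot be taken apart
        # ("pair", M1, M2) yields M1 and M2; ("sig", M, b) yields M and b.
        for part in term[1:]:
            if part not in known:
                known.add(part)
                todo.append(part)
    return known


def synthesise(agent, known, goal):
    """Build `goal` from `known` by pairing and personal signature synthesis."""
    if goal in known:
        return True
    if isinstance(goal, tuple) and goal[0] == "pair":
        return (synthesise(agent, known, goal[1])
                and synthesise(agent, known, goal[2]))
    if isinstance(goal, tuple) and goal[0] == "sig":
        # Only the signer can generate a signature: a may sign as a only.
        return goal[2] == agent and synthesise(agent, known, goal[1])
    return False


def in_closure(agent, msgs, goal, data=()):
    """True iff goal is in cl_a^s(data), where msgs stands for msgs_a(s)."""
    known = analyse(agent, set(msgs) | set(data))
    return synthesise(agent, known, goal)


def knows(agent, msgs, term):
    """a k M holds in a state s iff M is in cl_a^s(empty set)."""
    return in_closure(agent, msgs, term)


def data_leq(agent, msgs_s, msgs_t):
    """Data preorder: cl_a^s(empty) is a subset of cl_a^t(empty).

    By extensivity, monotonicity and idempotency (Proposition 2) it suffices
    that every message in msgs_a(s) is derivable in t.
    """
    return all(knows(agent, msgs_t, m) for m in msgs_s)


# Constructed state: a has received one message, a pair signed by b.
DB_A = {sig(pair("m", "n"), "b")}

if __name__ == "__main__":
    print(knows("a", DB_A, "m"))                     # analysis reaches m
    print(knows("a", DB_A, sig("m", "a")))           # a can sign as a
    print(knows("a", DB_A, sig("m", "b")))           # a cannot sign as b
    print(in_closure("a", set(), "b", data={"a"}))   # own name adds nothing
```

Analysis followed by synthesis is complete for this language because neither analysis rule needs a synthesised term as a key; with encryption added, the two phases would have to be interleaved.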

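Proposition 4 (Concrete accessibility).

1. If $M \in \mathrm{cl}_a^s(\emptyset)$ then $s \mathrel{{}_M\mathrm{R}_a^{\mathcal{C}}} s$ (conditional reflexivity).

2. For all $\mathcal{C}' \subseteq \mathcal{A}$, if $\mathcal{C} \subseteq \mathcal{C}'$ then ${}_M\mathrm{R}_a^{\mathcal{C}} \subseteq {}_M\mathrm{R}_a^{\mathcal{C}'}$ (communal monotonicity).

3. If $s \mathrel{{}_M\mathrm{R}_a^{\mathcal{C}}} s'$ and $s' \mathrel{{}_M\mathrm{R}_a^{\mathcal{C}}} s''$ then $s \mathrel{{}_M\mathrm{R}_a^{\mathcal{C}}} s''$ (transitivity).

Proof. For 1, let $s \in \mathcal{S}$ and suppose that $M \in \mathrm{cl}_a^s(\emptyset)$. Further, $s \sqsubseteq_{\mathcal{C} \cup \{a\}} s$ and
$s \equiv_a s$, by reflexivity. Hence $s \mathrel{{}_M\mathrm{R}_a^{\mathcal{C}}} s$. For 2, let $\mathcal{C}' \subseteq \mathcal{A}$ and suppose that
$\mathcal{C} \subseteq \mathcal{C}'$. Further, let $s, s' \in \mathcal{S}$ and suppose that $s \mathrel{{}_M\mathrm{R}_a^{\mathcal{C}}} s'$. That is, there is $\tilde{s} \in \mathcal{S}$
such that $s \sqsubseteq_{\mathcal{C} \cup \{a\}} \tilde{s}$ and $M \in \mathrm{cl}_a^{\tilde{s}}(\emptyset)$ and $\tilde{s} \equiv_a s'$. Hence $s \sqsubseteq_{\mathcal{C}' \cup \{a\}} \tilde{s}$, and thus
$s \mathrel{{}_M\mathrm{R}_a^{\mathcal{C}'}} s'$. For 3, let $s, s', s'' \in \mathcal{S}$ and suppose that $s \mathrel{{}_M\mathrm{R}_a^{\mathcal{C}}} s'$ and $s' \mathrel{{}_M\mathrm{R}_a^{\mathcal{C}}} s''$.
That is, there is $\tilde{s} \in \mathcal{S}$ such that $s \sqsubseteq_{\mathcal{C} \cup \{a\}} \tilde{s}$ and $M \in \mathrm{cl}_a^{\tilde{s}}(\emptyset)$ and $\tilde{s} \equiv_a s'$ (thus
$\tilde{s} \sqsubseteq_{\mathcal{C} \cup \{a\}} s'$), and there is $\tilde{s}' \in \mathcal{S}$ such that $s' \sqsubseteq_{\mathcal{C} \cup \{a\}} \tilde{s}'$ and $M \in \mathrm{cl}_a^{\tilde{s}'}(\emptyset)$ and
$\tilde{s}' \equiv_a s''$. Hence $\tilde{s} \sqsubseteq_{\mathcal{C} \cup \{a\}} \tilde{s}'$ and then $s \sqsubseteq_{\mathcal{C} \cup \{a\}} \tilde{s}'$, both by transitivity, and
thus $s \mathrel{{}_M\mathrm{R}_a^{\mathcal{C}}} s''$. □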

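Definition 4 (Kripke-model). We define the satisfaction relation $\models$ for LiP
such that:

$(\mathfrak{S}, \mathcal{V}), s \models P$ :iff $s \in \mathcal{V}(P)$

$(\mathfrak{S}, \mathcal{V}), s \models \neg\phi$ :iff not $(\mathfrak{S}, \mathcal{V}), s \models \phi$

$(\mathfrak{S}, \mathcal{V}), s \models \phi \land \phi'$ :iff $(\mathfrak{S}, \mathcal{V}), s \models \phi$ and $(\mathfrak{S}, \mathcal{V}), s \models \phi'$

$(\mathfrak{S}, \mathcal{V}), s \models M :_a^{\mathcal{C}} \phi$ :iff for all $s' \in \mathcal{S}$, if $s \mathrel{{}_M\mathcal{R}_a^{\mathcal{C}}} s'$ then $(\mathfrak{S}, \mathcal{V}), s' \models \phi$,

where

• $\mathcal{V} : \mathcal{P} \rightarrow 2^{\mathcal{S}}$ designates a usual valuation function, yet partially predefined
such that for all $a \in \mathcal{A}$ and $M \in \mathcal{M}$,

$\mathcal{V}(a \mathrel{\mathsf{k}} M) := \{ s \in \mathcal{S} \mid M \in \mathrm{cl}_a^s(\emptyset) \}$

(If agents are Turing-machines then $a$ knowing $M$ can be understood as $a$
being able to parse $M$ on its tape.)

• $\mathfrak{S} := (\mathcal{S}, \{{}_M\mathcal{R}_a^{\mathcal{C}}\}_{M \in \mathcal{M}, a \in \mathcal{A}, \mathcal{C} \subseteq \mathcal{A}})$ designates a (modal) frame for LiP with
(in analogy to LP) an abstractly constrained accessibility relation — short,
abstract accessibility — ${}_M\mathcal{R}_a^{\mathcal{C}} \subseteq \mathcal{S} \times \mathcal{S}$ for the proof modality such that

- (a priori constraints):

* if $M \in \mathrm{cl}_a^s(\emptyset)$ then $s \mathrel{{}_M\mathcal{R}_a^{\mathcal{C}}} s$

* for all $\mathcal{C}' \subseteq \mathcal{A}$, if $\mathcal{C} \subseteq \mathcal{C}'$ then ${}_M\mathcal{R}_a^{\mathcal{C}} \subseteq {}_M\mathcal{R}_a^{\mathcal{C}'}$

* if $s \mathrel{{}_M\mathcal{R}_a^{\mathcal{C}}} s'$ and $s' \mathrel{{}_M\mathcal{R}_a^{\mathcal{C}}} s''$ then $s \mathrel{{}_M\mathcal{R}_a^{\mathcal{C}}} s''$

- (a posteriori constraints):

* if (for all $s' \in \mathcal{S}$, $M \in \mathrm{cl}_a^{s'}(\emptyset)$ implies $M' \in \mathrm{cl}_a^{s'}(\emptyset)$)
then ${}_s[\![M']\!]_a^{\mathcal{C}} \subseteq {}_s[\![M]\!]_a^{\mathcal{C}}$

* if $(\phi \rightarrow \phi') \in {}_s[\![M]\!]_a^{\mathcal{C}}$ and $\phi \in {}_s[\![M']\!]_a^{\mathcal{C}}$ then $\phi' \in {}_s[\![(M, M')]\!]_a^{\mathcal{C}}$

* if $\phi \in {}_s[\![M]\!]_a^{\mathcal{C}}$ then for all $b \in \mathcal{C} \cup \{a\}$, $(a \mathrel{\mathsf{k}} M \land M :_a^{\mathcal{C}} \phi) \in {}_s[\![\{[M]\}_a]\!]_b^{\mathcal{C} \cup \{a\}}$

where message meaning ${}_s[\![\cdot]\!]_a^{\mathcal{C}} : \mathcal{M} \rightarrow 2^{\mathcal{L}}$ is defined as
${}_s[\![M]\!]_a^{\mathcal{C}} := \{ \phi \in \mathcal{L} \mid (\mathfrak{S}, \mathcal{V}), s \models M :_a^{\mathcal{C}} \phi \}$

• $(\mathfrak{S}, \mathcal{V})$ designates a (modal) model for LiP.

Notice that message meaning contains agent meaning ${}_s[\![b]\!]_a^{\mathcal{C}}$ (agent names
are particular messages) in the sense that the meaning of the agent $b$ to the
community $\mathcal{C} \cup \{a\}$ in the state $s$ is what $b$'s name (i.e., $b$) can prove to $\mathcal{C} \cup \{a\}$.

Now, Propositions 4 and 5 jointly establish the important fact that our concrete
accessibility in Definition 3 realises all the required properties of our abstract
accessibility in Definition 4.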

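Proposition 5 (Semantic interface).

1. For all $s, s' \in \mathcal{S}$, if $s \mathrel{{}_M\mathcal{R}_a^{\mathcal{C}}} s'$ then ${}_s[\![M]\!]_a^{\mathcal{C}} \subseteq {}_{s'}[\![M]\!]_a^{\mathcal{C}}$.

2. Let ${}_M\mathcal{R}_a^{\mathcal{C}} := {}_M\mathrm{R}_a^{\mathcal{C}}$. Then for all $s \in \mathcal{S}$:

(a) if (for all $s' \in \mathcal{S}$, $M \in \mathrm{cl}_a^{s'}(\emptyset)$ implies $M' \in \mathrm{cl}_a^{s'}(\emptyset)$)
then ${}_s[\![M']\!]_a^{\mathcal{C}} \subseteq {}_s[\![M]\!]_a^{\mathcal{C}}$

(b) if $(\phi \rightarrow \phi') \in {}_s[\![M]\!]_a^{\mathcal{C}}$ and $\phi \in {}_s[\![M']\!]_a^{\mathcal{C}}$ then $\phi' \in {}_s[\![(M, M')]\!]_a^{\mathcal{C}}$

(c) if $\phi \in {}_s[\![M]\!]_a^{\mathcal{C}}$ then for all $b \in \mathcal{C} \cup \{a\}$, $(a \mathrel{\mathsf{k}} M \land M :_a^{\mathcal{C}} \phi) \in {}_s[\![\{[M]\}_a]\!]_b^{\mathcal{C} \cup \{a\}}$

Proof. For 1, let $s, s' \in \mathcal{S}$ and suppose that $s \mathrel{{}_M\mathcal{R}_a^{\mathcal{C}}} s'$. Further, let $\phi \in \mathcal{L}$ and
suppose that $\phi \in {}_s[\![M]\!]_a^{\mathcal{C}}$, i.e., for all $s' \in \mathcal{S}$, if $s \mathrel{{}_M\mathcal{R}_a^{\mathcal{C}}} s'$ then $(\mathfrak{S}, \mathcal{V}), s' \models \phi$.
Furthermore, let $s'' \in \mathcal{S}$ and suppose that $s' \mathrel{{}_M\mathcal{R}_a^{\mathcal{C}}} s''$. Hence $s \mathrel{{}_M\mathcal{R}_a^{\mathcal{C}}} s''$ by
transitivity, and thus $(\mathfrak{S}, \mathcal{V}), s'' \models \phi$.

For the rest, let ${}_M\mathcal{R}_a^{\mathcal{C}} := {}_M\mathrm{R}_a^{\mathcal{C}}$ and let $s \in \mathcal{S}$.

For 2.a, suppose that for all $s' \in \mathcal{S}$, $M \in \mathrm{cl}_a^{s'}(\emptyset)$ implies $M' \in \mathrm{cl}_a^{s'}(\emptyset)$.
Further, let $\phi \in \mathcal{L}$ and suppose that $\phi \in {}_s[\![M']\!]_a^{\mathcal{C}}$. That is, for all $s' \in \mathcal{S}$,
if (there is $\tilde{s} \in \mathcal{S}$ such that $s \sqsubseteq_{\mathcal{C} \cup \{a\}} \tilde{s}$ and $M' \in \mathrm{cl}_a^{\tilde{s}}(\emptyset)$ and $\tilde{s} \equiv_a s'$) then
$(\mathfrak{S}, \mathcal{V}), s' \models \phi$. Furthermore, suppose that (there is $\tilde{s} \in \mathcal{S}$ such that $s \sqsubseteq_{\mathcal{C} \cup \{a\}} \tilde{s}$
and $M \in \mathrm{cl}_a^{\tilde{s}}(\emptyset)$ and $\tilde{s} \equiv_a s'$). Hence $M' \in \mathrm{cl}_a^{\tilde{s}}(\emptyset)$ by the first hypothesis, and
thus $(\mathfrak{S}, \mathcal{V}), s' \models \phi$.

For 2.b, suppose that $(\phi \rightarrow \phi') \in {}_s[\![M]\!]_a^{\mathcal{C}}$ and $\phi \in {}_s[\![M']\!]_a^{\mathcal{C}}$. That is: for all
$s' \in \mathcal{S}$, if (there is $\tilde{s} \in \mathcal{S}$ such that $s \sqsubseteq_{\mathcal{C} \cup \{a\}} \tilde{s}$ and $M \in \mathrm{cl}_a^{\tilde{s}}(\emptyset)$ and $\tilde{s} \equiv_a s'$) then
$(\mathfrak{S}, \mathcal{V}), s' \models \phi \rightarrow \phi'$; and for all $s' \in \mathcal{S}$, if (there is $\tilde{s} \in \mathcal{S}$ such that $s \sqsubseteq_{\mathcal{C} \cup \{a\}} \tilde{s}$
and $M' \in \mathrm{cl}_a^{\tilde{s}}(\emptyset)$ and $\tilde{s} \equiv_a s'$) then $(\mathfrak{S}, \mathcal{V}), s' \models \phi$. Further, let $s' \in \mathcal{S}$ and
suppose that there is $\tilde{s} \in \mathcal{S}$ such that $s \sqsubseteq_{\mathcal{C} \cup \{a\}} \tilde{s}$ and $(M, M') \in \mathrm{cl}_a^{\tilde{s}}(\emptyset)$ and
$\tilde{s} \equiv_a s'$. Hence $M \in \mathrm{cl}_a^{\tilde{s}}(\emptyset)$ and $M' \in \mathrm{cl}_a^{\tilde{s}}(\emptyset)$. Hence $(\mathfrak{S}, \mathcal{V}), s' \models \phi \rightarrow \phi'$ and
$(\mathfrak{S}, \mathcal{V}), s' \models \phi$, respectively. Hence $(\mathfrak{S}, \mathcal{V}), s' \models \phi'$, and thus $\phi' \in {}_s[\![(M, M')]\!]_a^{\mathcal{C}}$.

For 2.c, see the proof of Theorem 3. □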

Observe that LiP has a Herbrand-style semantics, i.e., logical constants (agent
names) and functional symbols (pairing, signing) are self-interpreted rather than
interpreted in terms of (other, semantic) constants and functions. This simplifying
design choice spares our framework from the additional complexity that
would arise from term-variable assignments [BG07], which in turn keeps our
models propositionally modal. Our choice is admissible because our individuals
(messages) are finite. (Infinitely long "messages" are non-messages; they can
never be completely received, e.g., transmitting irrational numbers as such is
impossible.)

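Definition 5 (Truth & Validity).

• The formula $\phi \in \mathcal{L}$ is true (or satisfied) in the model $(\mathfrak{S}, \mathcal{V})$ at the state
$s \in \mathcal{S}$ :iff $(\mathfrak{S}, \mathcal{V}), s \models \phi$.

• The formula $\phi$ is satisfiable in the model $(\mathfrak{S}, \mathcal{V})$ :iff there is $s \in \mathcal{S}$ such
that $(\mathfrak{S}, \mathcal{V}), s \models \phi$.

• The formula $\phi$ is globally true (or globally satisfied) in the model $(\mathfrak{S}, \mathcal{V})$,
written $(\mathfrak{S}, \mathcal{V}) \models \phi$, :iff for all $s \in \mathcal{S}$, $(\mathfrak{S}, \mathcal{V}), s \models \phi$.

• The formula $\phi$ is satisfiable :iff there is a model $(\mathfrak{S}, \mathcal{V})$ and a state $s \in \mathcal{S}$
such that $(\mathfrak{S}, \mathcal{V}), s \models \phi$.

• The formula $\phi$ is (universally true or) valid, written $\models \phi$, :iff for all models
$(\mathfrak{S}, \mathcal{V})$, $(\mathfrak{S}, \mathcal{V}) \models \phi$. (cf. [BvB07])

So we can paraphrase the law of epistemic antitonicity in Definition 2 as:
"Whatever a universally poorer message $M'$ can prove to $a$, any universally
richer message $M$ can also prove to $a$, and this in all social contexts $\mathcal{C} \cup \{a\}$."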

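Proposition 6 (Admissibility of specific axioms and rules).

1. $\models a \mathrel{\mathsf{k}} a$

2. $\models a \mathrel{\mathsf{k}} M \rightarrow a \mathrel{\mathsf{k}} \{[M]\}_a$

3. $\models a \mathrel{\mathsf{k}} \{[M]\}_b \rightarrow a \mathrel{\mathsf{k}} (M, b)$

4. $\models (a \mathrel{\mathsf{k}} M \land a \mathrel{\mathsf{k}} M') \leftrightarrow a \mathrel{\mathsf{k}} (M, M')$

5. $\models (M :_a^{\mathcal{C}} (\phi \rightarrow \phi')) \rightarrow ((M' :_a^{\mathcal{C}} \phi) \rightarrow (M, M') :_a^{\mathcal{C}} \phi')$

6. $\models (M :_a^{\mathcal{C}} \phi) \rightarrow (a \mathrel{\mathsf{k}} M \rightarrow \phi)$

7. $\models (M :_a^{\mathcal{C}} \phi) \rightarrow \bigwedge_{b \in \mathcal{C} \cup \{a\}} (\{[M]\}_a :_b^{\mathcal{C} \cup \{a\}} (a \mathrel{\mathsf{k}} M \land M :_a^{\mathcal{C}} \phi))$

9. If $\models \phi$ then $\models M :_a^{\mathcal{C}} \phi$

10. If $\models a \mathrel{\mathsf{k}} M \rightarrow a \mathrel{\mathsf{k}} M'$ then $\models (M' :_a^{\mathcal{C}} \phi) \rightarrow M :_a^{\mathcal{C}} \phi$.

Proof. 1–4 are immediate; 5, 7, and 10 follow directly from Proposition 5.2.b,
5.2.c, and 5.2.a, respectively; 6 follows directly from the reflexivity of $\sqsubseteq_{\mathcal{C} \cup \{a\}}$
and $\equiv_a$; 8 follows directly from Proposition 4.2; and 9 is immediate. □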

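Definition 6 (Semantic consequence and equivalence).

• The formula $\phi' \in \mathcal{L}$ is a semantic consequence of $\phi \in \mathcal{L}$, written $\phi \Rightarrow \phi'$,
:iff for all models $(\mathfrak{S}, \mathcal{V})$ and states $s \in \mathcal{S}$, if $(\mathfrak{S}, \mathcal{V}), s \models \phi$ then $(\mathfrak{S}, \mathcal{V}), s \models \phi'$.

• $\phi' \in \mathcal{L}$ is semantically equivalent to $\phi \in \mathcal{L}$, written $\phi \Leftrightarrow \phi'$, :iff $\phi \Rightarrow \phi'$
and $\phi' \Rightarrow \phi$.

Fact 1. $\models \phi \rightarrow \phi'$ if and only if $\phi \Rightarrow \phi'$

Proof. By expansion of definitions. □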



2.1 Epistemic explication 

As announced, our interactive proofs have an epistemic explication in terms
of the epistemic impact that they effectuate with their intended interpreting
agents (i.e., the knowledge of their proof goals). To see this, consider that the
elementary definition of proof accessibility on Page 19 can be transformed by
applying elementary-logical rules so that

$(\mathfrak{S}, \mathcal{V}), s \models M :_a^{\mathcal{C}} \phi$ if and only if
for all $\tilde{s} \in \mathcal{S}$, if $s \sqsubseteq_{\mathcal{C} \cup \{a\}} \tilde{s}$ then (data [$\tilde{s}$] and peer [$\mathcal{C} \cup \{a\}$] persistent)
$(\mathfrak{S}, \mathcal{V}), \tilde{s} \models \underbrace{a \mathrel{\mathsf{k}} M}_{\text{sufficient evidence}} \rightarrow \underbrace{\mathsf{K}_a(\phi)}_{\text{induced knowledge}}$ (epistemic impact),

with the standard epistemic modality $\mathsf{K}_a$ being defined as

$(\mathfrak{S}, \mathcal{V}), s \models \mathsf{K}_a(\phi)$ :iff for all $s' \in \mathcal{S}$, if $s \equiv_a s'$ then $(\mathfrak{S}, \mathcal{V}), s' \models \phi$.

As required, $\mathsf{K}_a$ — being defined by means of an equivalence relation — is S5,
i.e., S4 plus the property $\models \neg\mathsf{K}_a(\phi) \rightarrow \mathsf{K}_a(\neg\mathsf{K}_a(\phi))$ of negative introspection
[FHMV95, MV07]. Hence, spelled out, the epistemic explication is:

A proof effectuates a persistent epistemic impact in its intended community
of peer reviewers that consists in the induction of the (propositional)
knowledge of the proof goal by means of the (individual) knowledge of
the proof with the interpreting reviewer.

Observe that our notion of knowledge induction (impact effectuation) is an
instance of a parameterised persistent implication, which:

1. is compatible with C.I. Lewis relevant implication (a.k.a. strict implication),
which does not stipulate any constraint on the accessibility relation
of the implication (here $\sqsubseteq_{\mathcal{C} \cup \{a\}}$)

2. is intuitionistic implication in Kripke's interpretation when the preorder
$\sqsubseteq_{\mathcal{C} \cup \{a\}}$ happens to be partial, e.g., when $\mathcal{A} = \{a\}$ (total knowledge).





D. Lewis relevant implication however (and a fortiori Stalnaker's) is insufficient
for capturing the induction. Recall that a statement $\phi$ implies $\phi'$ in a state $s$,
by definition of D. Lewis, if and only if $\phi \rightarrow \phi'$ is true at all states closest to $s$
(here with respect to $\sqsubseteq_{\mathcal{C} \cup \{a\}}$). (Stalnaker required that there be a single closest
state.) Order-theoretically, "closest to $s$ with respect to $\sqsubseteq_{\mathcal{C} \cup \{a\}}$" means "that
are atomic (i.e., if minored then only by bottom) in the up-set $\uparrow_{\sqsubseteq_{\mathcal{C} \cup \{a\}}}(s) :=
\{ s' \in \mathcal{S} \mid s \sqsubseteq_{\mathcal{C} \cup \{a\}} s' \}$ of $s$ with respect to $\sqsubseteq_{\mathcal{C} \cup \{a\}}$". Yet we do need to stipulate
truth at all states close to $s$ (i.e., all states in $\uparrow_{\sqsubseteq_{\mathcal{C} \cup \{a\}}}(s)$), and not just truth at all
states closest (i.e., all atomic states). Otherwise persistency, which is essential
to obtaining intuitionistic logic, may fail (cf. [vB97, Section 2] and [vB09]).

Still, we believe that D. Lewis relevant implication could be suitable for 
defining induction of belief (to be enshrined in a Logic of Evidence) and even 
false belief (to be enshrined in a Logic of Deception). For belief, it does not make 
sense to insist on (peer) persistency, except perhaps for religious belief (among 
sectarian peers), and so quantifying over all closest states could be preferable 
over quantifying over all close states. To be explored in future work. 

We close this section with the statement of five epistemic interaction laws.
The first law — to be used as a lemma for the second — describes a reflexive
interaction between individual and propositional knowledge in the following
sense.

Proposition 7 (Self-knowledge).

$\models \mathsf{K}_a(a \mathrel{\mathsf{k}} M) \leftrightarrow a \mathrel{\mathsf{k}} M$

Proof. The $\rightarrow$-direction follows from the reflexivity of $\equiv_a$, and the $\leftarrow$-direction
from the definition of $\equiv_a$ as state indistinguishability with respect to individual
knowledge. □

The second law describes an important interaction between individual and
propositional knowledge by means of their respective languages $\mathcal{M}$ and $\mathcal{L}$. For
the sake of stating the law succinctly, we recall the following standard definition.

Definition 7 (Language equivalence). Let $L \subseteq \mathcal{L}$ designate a sublanguage of
$\mathcal{L}$. Then two pointed models $(\mathfrak{S}, \mathcal{V}), s$ and $(\mathfrak{S}, \mathcal{V}), s'$ are $L$-equivalent, written
$(\mathfrak{S}, \mathcal{V}), s \equiv_L (\mathfrak{S}, \mathcal{V}), s'$, :iff for all $\phi \in L$, $(\mathfrak{S}, \mathcal{V}), s \models \phi$ iff $(\mathfrak{S}, \mathcal{V}), s' \models \phi$. (The
relation $\equiv_{\mathcal{L}}$ is called elementary equivalence.)

The law says that state indistinguishability with respect to individual knowledge
equals state indistinguishability with respect to propositional knowledge.

Proposition 8 (Indistinguishability). Let $a \in \mathcal{A}$ and

$\mathrm{Re} := \{ a \mathrel{\mathsf{k}} M \mid M \in \mathcal{M} \}$

$\mathrm{Dicto} := \{ \mathsf{K}_a(\phi) \mid \phi \in \mathcal{L} \}$.

Then,

$\equiv_{\mathrm{Re}} \; = \; \equiv_{\mathrm{Dicto}}$.

Proof. The $\subseteq$-direction follows from the definition of $\equiv_a$ as state
indistinguishability with respect to individual knowledge, and the transitivity of $\equiv_a$; and
the $\supseteq$-direction from the fact that for all $M \in \mathcal{M}$, $(a \mathrel{\mathsf{k}} M) \in \mathcal{L}$ and
Proposition 7. □

The third law — to be used as a lemma for the fourth — describes an impor- 
tant interaction between individual and propositional knowledge by means of 
message signing. The law also gives an example of interpreted communication, 
i.e., how to induce propositional knowledge with a certain piece of individual 
knowledge (i.e., a signed message). 

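Proposition 9 (The purpose of signing).

$\models a \mathrel{\mathsf{k}} \{[M]\}_b \rightarrow \mathsf{K}_a(b \mathrel{\mathsf{k}} \{[M]\}_b)$

Proof. Let $(\mathfrak{S}, \mathcal{V})$ designate an arbitrary LiP-model, and let $s \in \mathcal{S}$, $a, b \in \mathcal{A}$,
and $M \in \mathcal{M}$. Further, suppose that $(\mathfrak{S}, \mathcal{V}), s \models a \mathrel{\mathsf{k}} \{[M]\}_b$ and let $s' \in \mathcal{S}$
such that $s' \equiv_a s$. Hence, $(\mathfrak{S}, \mathcal{V}), s' \models a \mathrel{\mathsf{k}} \{[M]\}_b$, by definition of $\equiv_a$ as state
indistinguishability with respect to individual knowledge, and thus $(\mathfrak{S}, \mathcal{V}), s' \models
b \mathrel{\mathsf{k}} \{[M]\}_b$ due to the unforgeability of signatures (only $b$ can generate $\{[M]\}_b$, cf.
Page 11). □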



The fourth law describes an important interaction between knowledge and 
interactive proofs, again by means of message signing. The law also gives an 
explication of the epistemic impact of signed interactive proofs. 

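Theorem 3 (Proofs of Knowledge). Signed interactive proofs are peer-reviewable
proofs of knowledge in the following formal sense:

$\models (M :_a^{\mathcal{C}} \phi) \rightarrow \bigwedge_{b \in \mathcal{C} \cup \{a\}} \{[M]\}_a :_b^{\mathcal{C} \cup \{a\}} (a \mathrel{\mathsf{k}} M \land \underbrace{\mathsf{K}_a(\phi)}_{\text{induced knowledge}})$.

(This terminology is inspired by [Gol01, Page 262], where such proofs are defined as "[. . .]
proofs in which the prover [here $a$] asserts "knowledge" of some object [. . .] and not merely
its existence [. . .]" by means of probabilistic polynomial-time interactive Turing machines.)

Proof. We first prove the stronger fact that

$\models (M :_a^{\mathcal{C}} \phi) \rightarrow \bigwedge_{b \in \mathcal{C} \cup \{a\}} \{[M]\}_a :_b^{\mathcal{C} \cup \{a\}} (a \mathrel{\mathsf{k}} M \land M :_a^{\mathcal{C}} \phi)$.

Let $(\mathfrak{S}, \mathcal{V})$ designate an arbitrary LiP-model, and let $s \in \mathcal{S}$, $a \in \mathcal{A}$, $\mathcal{C} \subseteq \mathcal{A}$, $b \in
\mathcal{C} \cup \{a\}$, and $M \in \mathcal{M}$. Further, suppose that $(\mathfrak{S}, \mathcal{V}), s \models M :_a^{\mathcal{C}} \phi$, let $\tilde{s} \in \mathcal{S}$ such
that $s \sqsubseteq_{\mathcal{C} \cup \{a\} \cup \{b\}} \tilde{s}$, and suppose that $(\mathfrak{S}, \mathcal{V}), \tilde{s} \models b \mathrel{\mathsf{k}} \{[M]\}_a$. Hence, $(\mathfrak{S}, \mathcal{V}), \tilde{s} \models
\mathsf{K}_b(a \mathrel{\mathsf{k}} \{[M]\}_a)$ by Proposition 9, and thus $(\mathfrak{S}, \mathcal{V}), \tilde{s} \models \mathsf{K}_b(a \mathrel{\mathsf{k}} M)$ by modus ponens
of $\models \mathsf{K}_b(a \mathrel{\mathsf{k}} \{[M]\}_a \rightarrow a \mathrel{\mathsf{k}} M)$ (epistemic necessitation of signature analysis) and
$\models \mathsf{K}_b(a \mathrel{\mathsf{k}} \{[M]\}_a \rightarrow a \mathrel{\mathsf{k}} M) \rightarrow (\mathsf{K}_b(a \mathrel{\mathsf{k}} \{[M]\}_a) \rightarrow \mathsf{K}_b(a \mathrel{\mathsf{k}} M))$ (Kripke's law). Now,
let $s' \in \mathcal{S}$ such that $\tilde{s} \equiv_b s'$. Thus, $\tilde{s} \sqsubseteq_{\mathcal{C} \cup \{a\} \cup \{b\}} s'$, thus $s \sqsubseteq_{\mathcal{C} \cup \{a\} \cup \{b\}} s'$ by
transitivity, and thus $s \sqsubseteq_{\mathcal{C} \cup \{a\}} s'$ by the hypothesis that $b \in \mathcal{C} \cup \{a\}$. Hence,
$(\mathfrak{S}, \mathcal{V}), s' \models M :_a^{\mathcal{C}} \phi$ by peer persistency, $(\mathfrak{S}, \mathcal{V}), \tilde{s} \models \mathsf{K}_b(M :_a^{\mathcal{C}} \phi)$ by discharge of
the last hypothesis, and thus $(\mathfrak{S}, \mathcal{V}), \tilde{s} \models \mathsf{K}_b(a \mathrel{\mathsf{k}} M \land M :_a^{\mathcal{C}} \phi)$.

Our theorem now follows from a stronger version of epistemic truthfulness,
i.e., $\models (M :_a^{\mathcal{C}} \phi) \rightarrow (a \mathrel{\mathsf{k}} M \rightarrow \mathsf{K}_a(\phi))$, which in turn follows from the expansion
of the truth condition of $M :_a^{\mathcal{C}} \phi$. □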

The fifth law describes an important interaction between common knowledge
[FHMV95, MV07] and purported interactive proofs, namely their falsifiability
in a communal sense of Popper's critical rationalism. More precisely, we refer
to Popper's dictum that a hypothesis (here, that a purported interactive proof
is indeed a proof) should be falsifiable in the sense that if the hypothesis is
false then its falsehood should be cognisable (here, commonly knowable).
In the present paper, we restrict the relation between Popper's œuvre and our
work to this succinct dictum. Recall from [FHMV95, MV07] that common
knowledge among a community $\mathcal{C}$ can be captured with a modality $\mathsf{CK}_{\mathcal{C}}$ defined
as

$(\mathfrak{S}, \mathcal{V}), s \models \mathsf{CK}_{\mathcal{C}}(\phi)$ :iff for all $s' \in \mathcal{S}$, if $s \equiv_{\mathcal{C}} s'$ then $(\mathfrak{S}, \mathcal{V}), s' \models \phi$,

where $\equiv_{\mathcal{C}} := (\bigcup_{a \in \mathcal{C}} \equiv_a)^{+}$. The intuition is that a statement $\phi$ is common
knowledge in a community $\mathcal{C}$ of agents when: all agents know that $\phi$ is true
(call this new statement $\phi'$), all agents know that $\phi'$ is true (call this new
statement $\phi''$), all agents know that $\phi''$ is true (call this new statement $\phi'''$),
etc. Note that depending on the properties of the employed communication
lines, common knowledge may have to be pre-established off those lines along
other lines [HM90].

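Theorem 4 (Falsifiability of interactive "proofs"). Interactive "proofs" are
falsifiable in a communal sense of Popper's, i.e., if a datum $M \in \mathcal{M}$ is not a
$\mathcal{C} \cup \{a\}$-reviewable proof of a statement $\phi \in \mathcal{L}$ then this fact is communally
cognisable as such by $\mathcal{C} \cup \{a\}$ in terms of the common knowledge among $\mathcal{C} \cup \{a\}$ of
that fact. Formally,

$\models \neg(M :_a^{\mathcal{C}} \phi) \rightarrow \mathsf{CK}_{\mathcal{C} \cup \{a\}}(\neg(M :_a^{\mathcal{C}} \phi))$.

Proof. Let $(\mathfrak{S}, \mathcal{V})$ designate an arbitrary LiP-model, and let $s \in \mathcal{S}$, $a \in \mathcal{A}$, $\mathcal{C} \subseteq
\mathcal{A}$, and $M \in \mathcal{M}$. Further, suppose that $(\mathfrak{S}, \mathcal{V}), s \models \neg(M :_a^{\mathcal{C}} \phi)$, let $s' \in \mathcal{S}$ such that
$s \equiv_{\mathcal{C} \cup \{a\}} s'$ (thus $s' \sqsubseteq_{\mathcal{C} \cup \{a\}} s$), and suppose by contradiction that $(\mathfrak{S}, \mathcal{V}), s' \models
M :_a^{\mathcal{C}} \phi$. Hence $(\mathfrak{S}, \mathcal{V}), s \models M :_a^{\mathcal{C}} \phi$ by peer persistency — contradiction! □

Note also the following simpler fact, which asserts that what is commonly
accepted as proof constitutes common knowledge.

Fact 2 (Common proof knowledge).

$\models (M :_a^{\mathcal{C}} \phi) \rightarrow \mathsf{CK}_{\mathcal{C} \cup \{a\}}(M :_a^{\mathcal{C}} \phi)$

This however does not mean that $M$ is known by everybody in $\mathcal{C} \cup \{a\}$!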
2.2 Oracle-computational explication

As announced, our interactive proofs have also an oracle-computational explication
in terms of a computation oracle that acts as a hypothetical provider and
thus as an imaginary epistemic source of our interactive proofs. To see this,
consider that the elementary definition of proof accessibility in Definition 3 can
be redefined (for the time being) such that for all $s, s' \in \mathcal{S}$,

$s \mathrel{{}_M\mathrm{R}_a^{\mathcal{C}}} s'$ :iff $s' \in \bigcup_{s \sqsubseteq^M_{\mathcal{C} \cup \{a\}} \tilde{s} \text{ and } M \in \mathrm{cl}_a^{\tilde{s}}(\emptyset)} [\tilde{s}]_{\equiv_a}$ (2)

for all $M \in \mathcal{M}$ and $\mathcal{C} \subseteq \mathcal{A}$, $\sqsubseteq^M_{\mathcal{C}} := (\bigcup_{a \in \mathcal{C}} \sqsubseteq^M_a)^{++}$

$s \sqsubseteq^M_a s'$ :iff $\mathrm{cl}_a^s(\{M\}) = \mathrm{cl}_a^{s'}(\emptyset)$,
where designates the closure operation of so-called generalised transitivity 
in the sense that o C <[,*^'^ \ Note that when s s' for some 
states $s, s' \in \mathcal{S}$, agent $a$ can conceive of $s'$ as $s$ yet minimally enriched with the
information token $M$, for which $a$ could imagine invoking an oracle agent. In
other words, if $a$ knew $M$ (e.g., if $a$ received $M$ from the oracle) then $a$ could
not distinguish $s$ from $s'$ in the sense of $\equiv_a$. This hypothetical knowledge was
called adductive knowledge in [Kra08b] — from now on also oracle knowledge —
and implemented with a concrete message reception event for $a$ that carries the
information of $M$ in $s'$. Now, similarly to Page 24 our above-redefined
proof-accessibility relation can be transformed and then used for redefining (again,
for the time being) the proof modality as follows:

$(\mathfrak{S}, \mathcal{V}), s \models M :_a^{\mathcal{C}} \phi$ :iff
for all $s' \in \mathcal{S}$, if $s \sqsubseteq^M_{\mathcal{C} \cup \{a\}} s'$ then (peer [$\mathcal{C} \cup \{a\}$] persistent)
$(\mathfrak{S}, \mathcal{V}), s' \models a \mathrel{\mathsf{k}} M \rightarrow \mathsf{K}_a(\phi)$ (epistemic impact).



The new notion of proof resulting from Accessibility Relation 2 on Page 28 is obviously weaker than our original notion resulting from Accessibility Relation 1 on Page 19 in the sense that the epistemic impact of Notion 1 is data persistent, e.g., is the case even when more messages than just the proof are learnt, whereas the one of Notion 2 is not necessarily so, i.e., is the case possibly only at the instant of learning the proof. (Still, both notions induce knowledge and not only belief!) Therefore, we call interactive proofs in the sense of Notion 1 persistent or extant and those in the sense of Notion 2 instant interactive proofs. For multi-agent distributed systems, instant interactive proofs are interesting, e.g., for accountability (cf. [KR10] and [KR11], both based on [Kra08b]). In accountable multi-agent distributed systems, an agent may prove her correct past behaviour in the present state to some judge, e.g., with a signed logfile [KR10], but may well then cease behaving correctly in the future. Hence her correctness proof is instant but may well not be persistent. The epistemic explication for Notion 2 is, spelled out:

An instant proof effectuates an instant epistemic impact in its intended community of peer reviewers that consists in the induction of the (propositional) knowledge of the proof goal by means of the (individual) knowledge of the proof with the interpreting reviewer.



Observe that our notion of knowledge induction (impact effectuation) for instant interactive proofs is a parameterised instant implication, which is compatible with D. Lewis's relevant implication (cf. our corresponding discussion on Page 25). That is, $a\,\mathsf{k}\,M \rightarrow \mathsf{K}_a(\phi)$ is true at all states $s'$ closest to $s$ with respect to $\le^{M}_{\mathcal{C}\cup\{a\}}$, i.e., for which $s \le^{M}_{\mathcal{C}\cup\{a\}} s'$. The token $M$ represents the minimal difference. Of course, $a$ may in fact know $M$ in $s$; so the conditional is not necessarily counterfactual.

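Our above definitions can be related to our original ones as follows.

Proposition 10. For all $s, s' \in \mathcal{S}$:

1. $s \le_a s'$ if and only if there is $M \in \mathcal{M}$ such that $s \le^{M}_{a} s'$

2. $s \le_{\mathcal{C}} s'$ if and only if there is $M \in \mathcal{M}$ such that $s \le^{M}_{\mathcal{C}} s'$

Proof. We prove the if-direction of (1) — the only-if-direction being obvious, and (2) obviously following from (1). Let $s, s' \in \mathcal{S}$ and suppose that $s \le_a s'$. Hence there is a finite $\mathcal{D} \subseteq \mathcal{M}$ such that $\mathrm{cl}_a^{s}(\mathcal{D}) = \mathrm{cl}_a^{s'}(\emptyset)$, because $\mathrm{msgs}_a(s)$ and $\mathrm{msgs}_a(s')$ are finite (cf. Page 18). Hence there is $M \in \mathcal{M}$ such that $\mathrm{cl}_a^{s}(\{M\}) = \mathrm{cl}_a^{s}(\mathcal{D})$. Thus, $\mathrm{cl}_a^{s}(\{M\}) = \mathrm{cl}_a^{s'}(\emptyset)$ by transitivity, and $s \le^{M}_{a} s'$ by definition. □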

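Hence, Notion 1 can be recovered from Notion 2 by redefining the proof accessibility on Page 19 such that for all $s, s' \in \mathcal{S}$,

$$s \mathrel{{}_M\mathrm{R}_a^{\mathcal{C}}} s' \ :\text{iff}\ s' \in \bigcup_{\substack{s \,(\bigcup_{M' \in \mathcal{M}} \le^{M'}_{\mathcal{C}\cup\{a\}})\, \tilde{s} \\ \text{and } M \in \mathrm{cl}_a^{\tilde{s}}(\emptyset)}} [\tilde{s}]_{\equiv_a} \qquad (3)$$

and thus Notion 3 and Notion 1 are equivalent.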

Proposition 11. When the proof modality is interpreted with Notion 2, 

Proof By the fact that <|^j = =a- □ 
We leave the further study of instant interactive proofs for future work. 

2.3 More results 

Theorem 5 (Adequacy). $\vdash_{\mathrm{LiP}}$ is adequate for $\models$, i.e.:

1. if $\vdash_{\mathrm{LiP}} \phi$ then $\models \phi$ (axiomatic soundness)
2. if $\models \phi$ then $\vdash_{\mathrm{LiP}} \phi$ (semantic completeness).

Proof. Soundness follows from the admissibility of axioms and rules (cf. Proposition 6), and completeness by means of the classical construction of canonical models, using Lindenbaum's construction of maximally consistent sets (cf. Appendix A). □

We leave the study of strong adequacy [Fit07, Section 3] for future work.

Corollary 3 (Consistency).

1. If $\vdash_{\mathrm{LiP}} \phi$ then $\nvdash_{\mathrm{LiP}} \neg\phi$.

2. $\nvdash_{\mathrm{LiP}} \bot$

Proof. As usual: suppose that $\vdash_{\mathrm{LiP}} \phi$. Hence $\models \phi$ by semantic completeness. Hence $\not\models \neg\phi$ by definition of $\models$. Hence $\nvdash_{\mathrm{LiP}} \neg\phi$ by contraposition of axiomatic soundness; and (2) follows jointly from the instance of (1) where $\phi := \top$, the axiom $\vdash_{\mathrm{LiP}} a\,\mathsf{k}\,a$, and the macro-definitions of $\top$ as $a\,\mathsf{k}\,a$ and $\bot$ as $\neg\top$. □

However negation completeness (i.e., "$\vdash_{\mathrm{LiP}} \phi$ or $\vdash_{\mathrm{LiP}} \neg\phi$") fails for LiP, as for classical propositional logic, which is a fragment of LiP. As a consequence, LiP does not have the disjunction property (i.e., "if $\vdash_{\mathrm{LiP}} \phi \vee \phi'$ then $\vdash_{\mathrm{LiP}} \phi$ or $\vdash_{\mathrm{LiP}} \phi'$"); for example consider the case where $\phi' := \neg\phi$.

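Corollary 4 (Stateful proof equality). Let $(\mathfrak{S}, \mathcal{V})$ designate an arbitrary LiP-model, and let $s \in \mathcal{S}$, $M \in \mathcal{M}$, $a \in \mathcal{A}$, $\mathcal{C} \subseteq \mathcal{A}$, and $\phi \in \mathcal{L}$. Further let: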

:= { (M, M') eMxM\ AMf = jM't } 
:= [a],=c 
[M]^=c + [M']^=c := [(M,M')]^=c. 

Then, 

{M/=c,0,+) 

is an idempotent commutative monoid, i.e., for all M , M' , M" G ■M/^=c : 

1. M + (M' + M") = (M + M') + M" (associativity) 

2. M + M' = M' + M (commutativity) 

3. M + M = M (idempotency) 

4. M + 0 = M (neutral element).

Proof. By the soundness of proof associativity, commutativity, and idempotency, and the law of a self-neutral proof element, respectively (cf. Theorem 1). □

3 Related work



In this section, we relate our Logic of interactive Proofs (LiP) to Artemov's Logic of Proofs (LP) [Art94] and to a generalised variant thereof, namely his Symmetric Logic of Proofs (SLP) [Art08b]. We also relate LiP to two extensions of LP with multi-agent character, namely Yavorskaya's LP$^2$ [Yav08] and Renne's UL [Ren12]. The general aim of this section is to give a detailed description of crucial design decisions for interactive and non-interactive systems on the example of related works. Essentially, we argue that, first, LP and LiP can be related but have typically different (not always) but complementary scopes, namely non-interactive computation and universal truths, and interactive computation and local truths, respectively; and, second, LiP improves LP-like systems with respect to interactivity. That LP and LiP can indeed be related is evidenced to some extent by Theorem 6 and proved by the example following it, which happens to be formalisable in both LP and LiP. That we discuss multi-agent extensions of LP is justified by the fact that LP$^2$ and UL are intended to be interactive but inherit the lack of message-passing interactivity from LP. As a matter of fact, the example with signing is formalisable only in LiP.



3.1 Concepts 

In (S)LP, $p{:}F$ stands for an atomic concept. Whereas in LiP, $M :_a^{\mathcal{C}} \phi$ stands for a compound concept analysable into epistemic constituents (cf. Section 2.1), nota bene thanks to a constructive semantics defined in terms of the proof terms themselves (cf. Page 19). In that, our construction is reminiscent of the canonical-model construction, which like ours is a constructive semantics defined in terms of syntax, but unlike ours not in terms of terms but in terms of formulas (cf. Appendix A).



3.1.1 Interactivity 

(S)LP proofs are non-interactive, whereas LiP proofs are interactive (knowledge-inducing). (S)LP proofs are non-interactive also due to (S)LP's reflection axiom, which stipulates that provability imply truth.* However, in a truly interactive setting, (S)LP's reflection axiom is unsound. By a truly interactive setting, we mean a multi-agent distributed system where not all proofs are known by all agents, i.e., a setting with a non-trivial distribution of information in the sense of Scott (cf. Proposition 3), in which $\not\models a\,\mathsf{k}\,M$. In other words, in truly interactive settings, agents are not omniscient with respect to messages. Otherwise, why communicate? As proof, consider the following, self-referential counter-example: $\models M :_a^{\emptyset} (a\,\mathsf{k}\,M)$ (self-knowledge) but $\not\models (M :_a^{\emptyset} (a\,\mathsf{k}\,M)) \rightarrow a\,\mathsf{k}\,M$. In truly interactive settings, there being a proof does not imply knowledge of that proof. When an agent $a$ does not know the proof and the agent cannot generate the proof ex nihilo herself by guessing it, only communication from a peer, who thus acts as an oracle, can entail the knowledge of the proof with $a$. In sum, provability and truth are necessarily concomitant in the non-interactive setting, whereas in interactive settings they are not necessarily so.

* (S)LP (and LiP) has a semantics, so we may use the word 'truth' here.

3.1.2 Proof terms 

(S)LP needs three proof-term constructors, namely sum, application, and proof checker. Whereas LiP only needs two, namely pairing and signing. Incidentally, Gödel conjectured that two proof-term constructors were sufficient for proofs [Art01]. In LiP, pairing plays a pair of roles, namely the two roles played by sum and application in LP, and thanks to Fact 2 the agents themselves within their own communities may — not a term constructor like '!' in (S)LP must — play the proof-checker role! In sum, first, LiP-agents play a pair of roles, namely the two roles of proof as well as signature checker, and, second, signatures can be conceived as proof-checker-apposed, communally verifiable seals of check.

3.1.3 Formulas 

(S)LP's proof modality ':' has no parameters, whereas LiP's '$:_a^{\mathcal{C}}$' has two. The advantage of LiP's parametric modality is agent-centricity and thus greater generality. As a nice side effect, LiP's proof terms have neutral elements.

3.2 Laws 

3.2.1 Structural laws (cf. Theorem 1)

In LP, the proof-sum operation '+' is neither commutative nor idempotent, but in SLP, it is both, like '(·, ·)' in LiP. In (S)LP, '+' has no neutral element, whereas in LiP the corresponding '(·, ·)' has. As said previously, LiP's '(·, ·)' can simulate not only LP's proof sum but also (S)LP's proof application. However, LiP's '(·, ·)' cannot simulate SLP's sum. To see why, consider that if (S)LP were defined analogously to LiP by means of a separate term theory using atomic propositions '$\mathsf{k}\,p$' (for "$p$ is known") and an analog of epistemic antitonicity then the structural modal laws of (S)LP could be (partially) generated from the structural term laws, analogously to LiP.

LP From the term axiom schema

$\mathsf{k}\,p{+}q \rightarrow (\mathsf{k}\,p \wedge \mathsf{k}\,q)$

generate the corresponding characteristic law

$((p{:}F) \vee q{:}F) \rightarrow (p{+}q){:}F$.

SLP

1. From the term axiom schema

$\mathsf{k}\,p{+}q \rightarrow (\mathsf{k}\,p \wedge \mathsf{k}\,q)$

generate the corresponding characteristic law

$((p{:}F) \vee q{:}F) \rightarrow (p{+}q){:}F$.

2. Add the axiom schema

$(p{+}q){:}F \rightarrow ((p{:}F) \vee q{:}F)$,

and (disregarding SLP's proof application) obtain the characteristic law

$((p{:}F) \vee q{:}F) \leftrightarrow (p{+}q){:}F$

of SLP's sum, which subsumes LP's sum law.

However in the case of LiP,

$\not\models ((M, M') :_a^{\mathcal{C}} \phi) \rightarrow ((M :_a^{\mathcal{C}} \phi) \vee M' :_a^{\mathcal{C}} \phi)$,

due to the obvious counter-example (recall that $\models (M, M') :_a^{\emptyset} a\,\mathsf{k}\,(M, M')$)

$\not\models ((M, M') :_a^{\emptyset} a\,\mathsf{k}\,(M, M')) \rightarrow ((M :_a^{\emptyset} a\,\mathsf{k}\,(M, M')) \vee M' :_a^{\emptyset} a\,\mathsf{k}\,(M, M'))$.

That is, it is not generally true that single projections prove pair knowledge.

3.2.2 Logical laws (cf. Theorem [2]) 

(S)LP does not obey Kripke's law K, the law of necessitation, nor a law of modal idempotency. Whereas LiP does obey K as well as the generalised Kripke-law GK, necessitation, and the law of modal idempotency.

Observe that K is deducible from GK in LiP due to proof idempotency, which in turn is deducible in LiP due to pairing idempotency, which in turn is deducible in LiP due to conjunction idempotency and the pairing axiom (cf. Section B.l). Note that for resource-bounded agents, restricting the (resource-unbounded) pairing axiom would be desirable in order to prevent the (resource-unbounded) K from being deducible in LiP. Incidentally, (S)LP can be understood as being reconstructed only from the (resource-bounded) unpairing axiom and not from the (resource-unbounded) pairing axiom (cf. Section 3.2.1).

The justification for choosing (plain) necessitation instead of LP's constant specification for LiP is that in the interactive setting, validities, and thus a fortiori tautologies (in the strict sense of validities of the propositional fragment), are in some sense trivialities. To see why, recall from Definition 5 that validities are true in all pointed models, and thus not worth being communicated from one point to another in a given model, e.g., by means of specific interactive proofs. (Nothing is logically more embarrassing than talking in tautologies.) Therefore, validities deserve arbitrary messages as proof. What is worth being communicated are truths weaker than validities, namely local truths in the sense of Definition 5, which do not hold universally (cf. Table 2). Note that our choice is not forced but free: we could have chosen constant specification for LiP too (e.g., "$\vdash_{\mathrm{LiP}} a :_a^{\mathcal{C}} \phi$, for $\phi \in \Gamma_1$") and thus kept a closer relationship between LP and LiP, but that would have, first, put unnecessarily strong proof obligations on validities as far as interactivity is concerned, as explained; and, second, unfaithfully modelled resource-unbounded interacting agents, which already know all universal truths or validities, though of course not all local truths, which is the whole point of interacting with each other!

Table 2: Interesting truths

Computation       Truth
interactive       local
non-interactive   universal

(S)LP does not obey the law of modal idempotency, because it does not have agents that could act as proof checkers and thus needs a term constructor for proof-checking. Whereas LiP does obey modal idempotency, because LiP does have agents that can act as proof checkers (cf. Section 3.1.2) and thus does not need a term constructor for proof-checking. Observe that modal idempotency is deducible in LiP due to the law of self-signing elimination, which in turn is deducible in LiP due to the axiom of personal signature synthesis (cf. Section B.2). Note that for resource-bounded agents, restricting (resource-unbounded) personal signature synthesis could be desirable in order to prevent (resource-unbounded) modal idempotency from being deducible in LiP. Incidentally, (S)LP can be understood as being reconstructed from no term axioms involving the proof checker '!' (cf. Section 3.2.1).



3.2.3 Meta-logical properties 

(S)LP is not a normal modal logic, because (S)LP does not obey Kripke's law. Whereas LiP is a normal logic (cf. Corollary 2). LP is in $\Sigma_2^p$ [Kuz00], but the decidability and thus complexity of SLP is unknown [Art08b]. A lower complexity bound for LiP is EXPTIME, which follows from the complexity of the logic of common knowledge, which is EXPTIME-complete [HM92], and from the fact that LiP requires the concrete accessibility relation $\le_{\mathcal{C}\cup\{a\}}$, which contains the one for common knowledge $\equiv_{\mathcal{C}\cup\{a\}}$ (cf. Page 27).



3.3 Formal relation 

In order to establish a formal relation between LP and LiP, we consider LiP over a singleton society and over the term forms suggested on Page 13. So without loss of generality let $\mathcal{A} = \{a\}$. Further, fix LP's set of specification constants to consist of $\{a\}$, and consider the mapping $h$ over LP-formulas that maps LP's

• proof-sum '+' and proof-application '·' to LiP's proof-pair constructor '(·, ·)'

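• proof checker '!' to LiP's proof-signature constructor

• proof modality ':' to LiP's proof modality '$:_a^{\emptyset}$'.

Lemma 1 (Admissibility of LP-laws for LiP). When $\mathcal{A} = \{a\}$:

0. $\vdash_{\mathrm{LiP}} \phi$, for any axiom $\phi$ of classical propositional logic

1. $\vdash_{\mathrm{LiP}} ((M :_a^{\emptyset} \phi) \vee M' :_a^{\emptyset} \phi) \rightarrow (M, M') :_a^{\emptyset} \phi$

2. $\vdash_{\mathrm{LiP}} (M :_a^{\emptyset} (\phi \rightarrow \phi')) \rightarrow ((M' :_a^{\emptyset} \phi) \rightarrow (M, M') :_a^{\emptyset} \phi')$

3. $\vdash_{\mathrm{LiP}} (M :_a^{\emptyset} \phi) \rightarrow \phi$

4. $\vdash_{\mathrm{LiP}} (M :_a^{\emptyset} \phi) \rightarrow \{[M]\}_a :_a^{\emptyset} (M :_a^{\emptyset} \phi)$

5. $\{\phi \rightarrow \phi', \phi\} \vdash_{\mathrm{LiP}} \phi'$

6. $\vdash_{\mathrm{LiP}} a :_a^{\emptyset} \phi$, for any formula $\phi$ for which $\vdash_{\mathrm{LiP}} \phi$ (Items 0–4).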

Proof. holds by definition of LiP. For the rest, set C = 0. Then 1 is LiP's 
law of proof extension (of. Theorem 2 is LiP's axiom schema GK; 3 is, 

given that A = {a}, LiP's law of truthfulness (of. Theorem [5] 26. b); 4 follows 
directly from LiP's laws of self-signing idempotency and modal idempotency 
(cf. Theorem [l] 19 and [2]25); 5 holds by definition of LiP; and 6 follows by 
particularising LiP-necessitation. □ 

Theorem 6 (Homomorphism from LP into LiP). For $\mathcal{A}$ a singleton, for all LP-formulas $F$,

if $\vdash_{\mathrm{LP}} F$ then $\vdash_{\mathrm{LiP}} h(F)$.

Proof. From the admissibility of LP-axioms and LP-rules for LiP (cf. Lemma 1); or, by comparison of LP's semantics with LiP's semantics for singleton societies. □

However the converse is not true, and thus $h$ is only a homomorphism and not an embedding. As counter example consider Kripke's law, which holds in LiP (cf. Theorem 2.1), but does not hold in LP (cf. Section 3.2.2). In sum, while plain propositional logic can be viewed as a modal logic interpreted over a singleton universe, LP can be viewed only to a limited extent as LiP over a singleton society. The extent is limited because LiP does not mathematically contain LP, as LP does not embed (injectively homomorph) but only non-injectively homomorph into LiP, which we believe reflects the essential difference between their scopes. We stress that LP and LiP have typically different, complementary scopes, namely non-interactive computation and universal truths, and interactive computation and local truths, respectively. Nevertheless:

1. LP and LiP have a non-empty intersection, as the following example proves, which happens to be formalisable in both LP [Art08a] and LiP.

2. LiP is richer than S4, since LiP generalises S4 with agent centricity and refines S4 with explicit, transmittable proofs.

The example involves two elementary formal proofs, which for clarity we present in the style of Frederic Fitch, justified by the following definition and facts.

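Definition 8 (Local hypotheses). Let $\Delta \subseteq \mathcal{L}$ such that $\Delta$ is finite, and

$\Gamma; \Delta \vdash_{\mathrm{LiP}} \phi$ :iff $\Gamma \vdash_{\mathrm{LiP}} (\bigwedge \Delta) \rightarrow \phi$,

cf. Proposition 1, where $\Delta$ is understood as a finite set of local hypotheses.

Fact 3 (A fortiori true, persistently provable and known as true).

$\Gamma, \phi; \Delta \vdash_{\mathrm{LiP}} \phi \wedge (M :_a^{\mathcal{C}} \phi) \wedge a :_a^{\emptyset} \phi$,

where $\Gamma, \phi$ means $\Gamma \cup \{\phi\}$.

Proof. From Proposition 1 by the fact that $\vdash_{\mathrm{LiP}} \phi$ implies $\vdash_{\mathrm{LiP}} \phi$, necessitation, and self-truthfulness bis for the above case $\phi$, $M :_a^{\mathcal{C}} \phi$, and $a :_a^{\emptyset} \phi$, respectively. □

Recall from Section 2.1 that $\vdash_{\mathrm{LiP}} a :_a^{\emptyset} \phi$ can be read as "$a$ persistently knows that $\phi$ is true" (unless interpreted defeasibly, cf. Proposition 11).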

Fact 4 (Fitting-style deduction "theorems" [Fit07]).

LDTMd^^ ^pF;A,0h,.P 



F; A hLiP 0^0' r, 0; A hup </>' 

Here, "LDT" abbreviates "Local Deduction Theorem", "MP" abbreviates "modus ponens", $\Delta, \phi$ means $\Delta \cup \{\phi\}$, the double horizontal bar means "if and only if", and the simple horizontal bar reads "if ... then ..." from top to bottom.

Proof. The validity of the LDT rule schema is warranted by Definition 8 and the one of the MP rule schema by the modus ponens rule schema of LiP. □

Following [Art08a], we now present the more difficult Case I of Gettier's Case I and II, which according to [Art08a] "were supposed to provide examples of justified true beliefs which should not be considered knowledge."

Example (Gettier, from [Art08a]). Suppose that Smith and Jones have applied for a certain job. And suppose that Smith has strong evidence for the following conjunctive proposition: (d) Jones is the man who will get the job, and Jones has ten coins in his pocket. Proposition (d) entails: (e) The man who will get the job has ten coins in his pocket. Let us suppose that Smith sees the entailment from (d) to (e), and accepts (e) on the grounds of (d), for which he has strong evidence. In this case, Smith is clearly justified in believing that (e) is true. But imagine, further, that unknown to Smith, he himself, not Jones, will get the job. And also, unknown to Smith, he himself has ten coins in his pocket. Then, all of the following are true: 1) (e) is true, 2) Smith believes that (e) is true. But it is equally clear that Smith does not know that (e) is true.

Interpreting "strong evidence" in Gettier's example as "proof" in our sense, Gettier's Case I can be formalised in LiP as follows. Let:

• $a \in \mathcal{A} := \{\mathrm{Smith}, \mathrm{Jones}\}$;

• for all $a \in \mathcal{A}$, $\mathrm{job}(a), 10(a) \in \mathcal{P}$.

Then Gettier's assumptions stated in his example are contradictory, as asserted by Proposition 12 and proved by jointly Lemma 2 and the proof in Table 3. Lemma 2 corresponds to the assertion that (d) entails (e) in Gettier's example.

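Lemma 2 (Gettier example).

$\{(\mathrm{job}(\mathrm{Smith}) \wedge \mathrm{job}(\mathrm{Jones})) \rightarrow \bot\}; \emptyset \vdash_{\mathrm{LiP}} (\mathrm{job}(\mathrm{Jones}) \wedge 10(\mathrm{Jones})) \rightarrow \bigwedge_{a \in \mathcal{A}}(\mathrm{job}(a) \rightarrow 10(a))$

Proof.

1. $\vdash_{\mathrm{LiP}} (\mathrm{job}(\mathrm{Smith}) \wedge \mathrm{job}(\mathrm{Jones})) \rightarrow \bot$    global hypothesis

2. (a) $\mathrm{job}(\mathrm{Jones}) \wedge 10(\mathrm{Jones})$    local hypothesis

   (b) $\mathrm{job}(\mathrm{Jones}) \rightarrow 10(\mathrm{Jones})$    2.a, PL

   (c) $(\mathrm{job}(\mathrm{Smith}) \wedge \mathrm{job}(\mathrm{Jones})) \rightarrow \bot$    1, a fortiori

   (d) $\neg\mathrm{job}(\mathrm{Smith})$    2.a, 2.c, PL

   (e) $\mathrm{job}(\mathrm{Smith}) \rightarrow 10(\mathrm{Smith})$    2.d, PL

   (f) $\underbrace{(\mathrm{job}(\mathrm{Jones}) \rightarrow 10(\mathrm{Jones})) \wedge (\mathrm{job}(\mathrm{Smith}) \rightarrow 10(\mathrm{Smith}))}_{\text{the man who will get the job has 10 coins in his pocket}}$    2.b, 2.e, PL

3. $\vdash_{\mathrm{LiP}} (\mathrm{job}(\mathrm{Jones}) \wedge 10(\mathrm{Jones})) \rightarrow \bigwedge_{a \in \mathcal{A}}(\mathrm{job}(a) \rightarrow 10(a))$    2.a–2.f, LDT

4. if $\vdash_{\mathrm{LiP}} (\mathrm{job}(\mathrm{Smith}) \wedge \mathrm{job}(\mathrm{Jones})) \rightarrow \bot$ then $\vdash_{\mathrm{LiP}} (\mathrm{job}(\mathrm{Jones}) \wedge 10(\mathrm{Jones})) \rightarrow \bigwedge_{a \in \mathcal{A}}(\mathrm{job}(a) \rightarrow 10(a))$    1–3, PL

5. $\{(\mathrm{job}(\mathrm{Smith}) \wedge \mathrm{job}(\mathrm{Jones})) \rightarrow \bot\}; \emptyset \vdash_{\mathrm{LiP}} (\mathrm{job}(\mathrm{Jones}) \wedge 10(\mathrm{Jones})) \rightarrow \bigwedge_{a \in \mathcal{A}}(\mathrm{job}(a) \rightarrow 10(a))$    4, definition.

□

Proposition 12 (Gettier example).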



{(job(Smitli) A job(Jones)) _L}; h^p 
(Smith k M A M l^^^h (job( Jones) A lO(Jones))) 
((job(Smith) A lO(Smith)) -> _L) 



Proof. See Table 3. □
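Lemma 2 is purely propositional, so it can be checked by brute force over all valuations of the atoms job(a) and 10(a). The following is an added example, not part of the paper: the function names and the encoding of atoms are assumptions of this sketch, the global hypothesis is generalised to "at most one agent gets the job" for any finite society (which coincides with the paper's hypothesis for two agents), and `gettier_models` replaces the modal antecedent of Proposition 12 by its propositional consequence job(Jones) ∧ 10(Jones).

```python
from itertools import combinations, product

# Atoms are pairs (predicate, agent): ("job", a) stands for job(a),
# ("10", a) stands for 10(a). A valuation maps every atom to a truth value.


def valuations(agents):
    """Yield every truth assignment to job(a) and 10(a) for the given agents."""
    atoms = [(pred, a) for a in agents for pred in ("job", "10")]
    for bits in product((False, True), repeat=len(atoms)):
        yield dict(zip(atoms, bits))


def global_hypothesis(v, agents):
    """(job(a) AND job(b)) -> False for all distinct a, b.

    For agents = (Smith, Jones) this is exactly the paper's global
    hypothesis; for larger societies it is this sketch's generalisation.
    """
    return all(not (v["job", a] and v["job", b])
               for a, b in combinations(agents, 2))


def lemma2_body(v, agents, winner):
    """(job(winner) AND 10(winner)) -> AND over a of (job(a) -> 10(a))."""
    antecedent = v["job", winner] and v["10", winner]
    consequent = all((not v["job", a]) or v["10", a] for a in agents)
    return (not antecedent) or consequent


def countermodels(agents, winner, use_hypothesis=True):
    """Valuations that satisfy the hypothesis (if used) yet falsify Lemma 2.

    An empty result means the entailment holds for this society.
    """
    return [v for v in valuations(agents)
            if (not use_hypothesis or global_hypothesis(v, agents))
            and not lemma2_body(v, agents, winner)]


def gettier_models(agents=("Smith", "Jones")):
    """Valuations satisfying all of Gettier's assumptions at once.

    Assumption of this sketch: what Smith's proof establishes is taken as
    true, i.e. job(Jones) AND 10(Jones), alongside the facts unknown to
    Smith, job(Smith) AND 10(Smith), under the global hypothesis.
    """
    return [v for v in valuations(agents)
            if global_hypothesis(v, agents)
            and v["job", "Jones"] and v["10", "Jones"]
            and v["job", "Smith"] and v["10", "Smith"]]


if __name__ == "__main__":
    society = ("Smith", "Jones")
    print("Lemma 2 countermodels:", countermodels(society, "Jones"))
    print("Without the hypothesis:",
          countermodels(society, "Jones", use_hypothesis=False))
    print("Models of all Gettier assumptions:", gettier_models(society))
```

Dropping the global hypothesis leaves exactly one countermodel for the two-agent society, the valuation in which Smith also gets the job but lacks the coins, which is why step 2.c of the proof is needed.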



In order to illustrate the working of signatures and the application of the other logical laws of LiP, we now refine Gettier's example with signing. That is, we identify the proof $M$ in Proposition 12 with a term pair $(C, \{[W]\}_{\mathrm{HR}})$ consisting of, first, a proof $C$ for the fact $10(\mathrm{Jones})$ and, second, a work contract $\{[W]\}_{\mathrm{HR}}$ for Jones signed by the HR department dealing with the job application.

Lemma 3 (Gettier-example with signing). Given $\mathcal{A} := \{\mathrm{Smith}, \mathrm{Jones}, \mathrm{HR}\}$,



Proof. 

1. 

2. 

3. 

4. 

5. 

6. 

7. 

8. 

9. 
10. 
11. 
12. 
13. 
14. 
15. 
16. 
17. 
18. 

19. 
20. 



"LiP 



/Smith k iW}j^ A W r;^ job(Jones) 
\a Smith kC AC l^i^h lO(Jones) 
/Smith k(C, iWjjA 
\iC, Whr) ^Lth aob(Jones) A lO(Jones)) 



Smith k{[W^}„^ 

:j5^job(Jones) 
(M^:ifRjob(Jones)) ^ {[W]}hr 4ith job(Jones) 
{[W^B-HR :^itiijob(Jones) 
(mHR:^»itJob(Jones)) 
mHR:LtJob(Jones) 
Smith k C 

C:LthlO( Jones) 
(C^:LthlO(Jones))- 

(C^,Whr) :LthlO(Jones) 
Smith k{[W^]}„^ 
Smith k C 

Smith k C A Smith k {[VFJhr 
Smith k(C,WHj 
mHR:Lthjob(Jones) 

(WHR:LthJob(Jones))- 
(C,Whr) :LthJob(Jones 



local hypothesis 
local hypothesis 
simple peer review 
2, 3, PL 

>• {[^Lr :smitiijob(Jones) group decomp. 

4, 5, PL 
local hypothesis 
local hypothesis 
(C, {W^Lr) Imith lO(Jones) proof ext. 

8, 9, PL 



1, a fortiori 
7, a fortiori 
11, 12, PL 
13, pairing 
6, a fortiori 
(C,WJ:LthJob(Jones) p. ext. 

15, 16, PL 



(C> iW}m) ^Mith aob(Jones) A lO(Jones)) 10, 17, proof 
Smith k(C, IW%^)A 

(C, IWU) :Lth (job(Jones) A lO(Jones)) 

C:LthlO(Jones)^ 
/Smith k(C, iW}^^)A 
\{C, iW}J :Lth aob(Jones) A lO(Jones)) 



conj. 
14, 18, PL 

B-19, LDT
21.



22. 



Smith kC ^ 

^C^:LthlO(Jones)^ 
/Smith k(C, iW}^)A 

XiCAWU) Imith (job(Jones) A lO(Jones)), 

W :i^job(Jones) ^• 
/Smith kC -!• 

'C:LthlO( Jones) ^ 
/Smithk(C,{[W^}„,) A 
V V \iC, Whk) :Lth (job(Jones) A lO(Jones)), 



7-20, LDT 



2-21, LDT 



23. hLiP 



Smith k{[iy]}„j,^ 
/W :jJ^job(Jones 
/Smith kC 



LDT 



C:LthlO( Jones) ^ 
/Smithk(C,{lW^}„,) A 
V Vl(C, Whk) :Lth (job(Jones) A lO(Jones)) 




1-22, 



24. hLiP 



/Smith k {M^Jhr A 1^ job(Jones) 
\A Smith k C A C i^^^th 10( Jones) 
/Smithk(C,{[H^}H,) A 

\iC, Whr) l.ith (job(Jones) A lO(Jones)) 



23, PL. 



□ 



In the preceding proof, observe the use of the law of proof extension, deducible by means of epistemic antitonicity, and expressing the monotonicity of LiP-proofs. Like Artemov, who interprets Lehrer and Paxson's indefeasibility condition for justified true belief as possibly corresponding to LP's sum-axiom (cf. [Art08a]), we could thus interpret this condition as corresponding to LiP's proof extension.

Corollary 5 (Gettier-example with signing). Given A := {Smith, Jones, HR}, 

{(job(Smith) Ajob(Jones)) -> _L};0 hLip 
/Smith k {[W^]}hr A (W :f^job(Jones))' 
\A Smith k C A C t^^^tu lO(Jones) 
((job(Smith) A lO(Smith)) _L) 

Proof. From Proposition 12 and Lemma 3. □

3.4 Multi-agent LP-like systems

By their quality of being conservative extensions of non-interactive LP-like systems, the following logical systems with multi-agent character inherit the lack of message-passing interactivity of LP in the following senses: namely the lack of (1) a sound truth axiom for message passing (cf. Section 3.1.1), (2) the transferability of local truths by means of messages (cf. Section 3.2.2), and (3) signature checking that could act as proof checking of claimed local truths (cf. Section 3.1.2). In our understanding, these lacks of LP-like systems without message passing are reflected by the fact that LP can only homomorph but not embed into interactive-proof systems with message passing like LiP.



3.4.1 LP$^2$

Yavorskaya's LP$^2$ [Yav08] is an extension of LP with multi-agent character in the sense that LP$^2$ extends LP with a 2-agent view such that each one of the two agents

1. has her own proof-sum, proof-application, and proof-checker constructor

2. may have a constructor for

(a) checking the other agent's proofs, i.e., peer proofs

(b) converting peer proofs into proofs of her own.

LP$^2$ being an extension of LP, our criticism of LP also applies to LP$^2$. Also, LiP can manage an $n$-agent view for arbitrary $n \in \mathbb{N}$ with only $n + 1$ (transmittable) proof-term constructors ($n$ signature constructors plus 1 pair constructor). This feature is the fruit of our design decision to equip LiP with proof-term signature constructors and an agent-parametric proof modality, which allows the association as proof of arbitrary data to arbitrary verifying agents within arbitrary peer communities. Whereas an extension of LP$^2$ to LP$^n$ for a fixed $n \in \mathbb{N}$ would require $3n + 2n(n-1) = 2n^2 + n$ constructors ($n$ proof-sum plus $n$ proof-application plus $n$ proof-checker plus $n(n-1)$ peer-proof-checker plus $n(n-1)$ peer-proof-conversion constructors), and still not allow the free association of proofs to agents. In sum, LiP seems more appropriate for interactivity and is even simpler than would be LP$^n$. However, it could be interesting to parametrise Yavorskaya's agent-centric proof converters with agent communities so that two communities that do not share their respective common knowledge of what should constitute a proof could communicate with each other thanks to such communal proof converters.

3.4.2 UL 

Renne's UL [Ren12] is an extension of Artemov's Justification Logic, JL [Art08a] (including Artemov's LP) with multi-agent character in the sense that UL combines JL with (multi-agent) Dynamic Epistemic Logic [vDvdHK07]. Of course, dynamic extensions of static logics are interesting. The sophisticated language of UL is defined by staged mutual recursion on the structure of terms and formulas, and has a semantic interface in the style of LP but crucially only over finite Kripke-models. The mutual recursion arises in the application term constructor of UL, which has a formula parameter meant to indicate the relevance of the second constructor argument to the constructor parameter in UL's application axiom. Given that sum and application can be subsumed by pairing in LiP (cf. Section 3.1.2), it would be interesting to experiment with a formula-parametrised pair constructor in UL intended to subsume sum and formula-parametrised application. The justification terms in UL do not provide evidence for knowledge but only for belief, which is expressed with a K4-modality. (Usually, belief is expressed with a KD45-modality [MV07].) The restriction of UL to interpretation in finite Kripke-models is not unproblematic. Communication systems (e.g., the Internet) cannot in general be faithfully modelled as finite transition systems and thus finite Kripke-models.



4 Conclusion 

4.1 Assessment 

We have proposed a logic of interactive proofs with as main contributions those described in Section 1.4.1. Our resulting notion of proofs has the advantage of being not only operational thanks to a proof-theoretic definition but also declarative thanks to a complementary model-theoretic definition, which gives a constructive epistemic semantics to proofs in the sense of explicating what (knowledge) proofs effect in agents, complementing thereby the (operational) axiomatics, which explicates how proofs do so. In particular, first, interactive computation is semantic computation: we not only compute result values (syntax), but (knowledge) equivalence classes of them (semantics); and, second, our definition of interactive proofs reflects the impact of mathematical proofs in a social sense (cf. Section 1.2.1): if my peer knew my proof for her of a given statement then she would know that the statement is true. (Notice the different kinds of knowledge and the conditional mode!) In contrast, the traditional definition of (mathematical) proofs is only operational in the sense that proofs are defined purely in terms of the deductive operations that are used to construct them. Their pragmatics, i.e., their (epistemic) impact in proof-reading agents, was left unformalised, and their operational definition risks restricting their generality. However now thanks to our formalisation, we as a community have the formal common knowledge that

• agents in distributed systems are at the same time computation oracles, data miners, meaning interpreters, message-passing communicators, interactive provers, and logical combinators

• a proof is that which if known to one of our peer members would induce the knowledge of its proof goal with that member.

4.2 Future work 

Our future lines of research for LiP are the following: 

1. present the other interactive structures and morphisms mentioned in Fig-
ured]

2. study the computability of satisfiability and global and local model checking

3. develop the proof theory of LiP (alternative calculi, proof complexity), 
including a proof-theoretic explication of our instant interactive proofs 

4. extend LiP with guarded quantifiers, dynamic modalities, and fixpoint 
operators (Hennessy-Milner correspondence, characteristic formulas) 

5. extend LiP with the classical and the modern conception of cryptography 
mentioned in Footnote [s] (requiring resource-bounded agents) 

6. apply LiP and its variants to the analysis and synthesis of communication protocols (proof-carrying code correct by construction via program extraction from constructive proofs of correctness, on-line interactive algorithms)

7. create the Logic of Evidence and the Logic of Deception suggested on Page 25

Applying LiP means fixing four things if need be, namely, at the level of

1. terms:

(a) the choice of term axioms;

(b) the application-specific base data $\mathcal{B}$;

(c) the implementation of signing, e.g., in terms of public-key cryptography;

2. formulas: the set $\mathcal{P}$ of atomic propositions (those besides $a\,\mathsf{k}\,M$) together with the axioms governing their intended meaning.

This will instantiate LiP as a theory of the specific subject matter of the application, such as, for example, Dolev-Yao cryptography (cf. Page 12).

A Completeness proof

Completeness For all (f) E C, ii \— (f) then hup 4>- 
Proof. Let 

• W designate the set of all maximally LiP-consistent setf^ 

• for aU w, w' €W,w a/C^ w' -.iS { (j) e C \ M ■.'^ cj) e w } C w' 

• for aU w eW, w e Vc{P) :iff Pew. 

A set W of LiP-formulas is maximally LiP-consistent :iff W is LiP-consistent and W has 
no proper superset that is LiP-consistent. A set W of LiP-formulas is LiP-consistent :iff W is 
not LiP-inconsistent. A set W of LiP-formulas is LiP-inconsistent :iff there is a finite W' C W 
such that ((/\ W) — -L) S LiP. Any LiP-consistent set can be extended to a maximally LiP- 
consistent set by means of the Lindenbaum Construction IFitOTI Page 90] . A set is maximally 
LiP-consistent if and only if the set of logical-equivalence classes of the set is an ultrafilter of 
the Lindenbaum- Tarski algebra of LiP |Ven07l Page 351]. The canonical frame is isomorphic 
to the ultrafilter frame of that Lindenbaum-Tarski algebra IVen07l Page 352]. 
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Then 9Jlc := (W, {aiC^ImsA^.og^.Cc^, Vc) designates the canonical model for 
LiP. Following Fitting |Fit07l Section 2.2], the following useful property of OJlc, 



for all e £ and w E W, </> G w if and only if dJlc, w |= 0, 



the so-called Truth Lemma, can be proved by induction on the structure of (f>: 

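1. Base case ($\phi := P$ for $P \in \mathcal{P}$). For all $w \in \mathcal{W}$, $P \in w$ if and only if 
$\mathfrak{M}_{\mathsf{C}}, w \models P$, by definition of $\mathcal{V}_{\mathsf{C}}$. 

2. Inductive step ($\phi := \neg\phi'$ for $\phi' \in \mathcal{L}$). Suppose that for all $w \in \mathcal{W}$, $\phi' \in w$ 
if and only if $\mathfrak{M}_{\mathsf{C}}, w \models \phi'$. Further let $w \in \mathcal{W}$. Then, $\neg\phi' \in w$ if and 
only if $\phi' \notin w$ ($w$ is consistent) if and only if $\mathfrak{M}_{\mathsf{C}}, w \not\models \phi'$ (by the 
induction hypothesis) if and only if $\mathfrak{M}_{\mathsf{C}}, w \models \neg\phi'$. 

3. Inductive step ($\phi := \phi' \land \phi''$ for $\phi', \phi'' \in \mathcal{L}$). Suppose that for all $w \in \mathcal{W}$, 
$\phi' \in w$ if and only if $\mathfrak{M}_{\mathsf{C}}, w \models \phi'$, and that for all $w \in \mathcal{W}$, $\phi'' \in w$ if 
and only if $\mathfrak{M}_{\mathsf{C}}, w \models \phi''$. Further let $w \in \mathcal{W}$. Then, $\phi' \land \phi'' \in w$ if 
and only if ($\phi' \in w$ and $\phi'' \in w$), because $w$ is maximal. Now suppose 
that $\phi' \in w$ and $\phi'' \in w$. Hence, $\mathfrak{M}_{\mathsf{C}}, w \models \phi'$ and $\mathfrak{M}_{\mathsf{C}}, w \models \phi''$, by the 
induction hypotheses, and thus $\mathfrak{M}_{\mathsf{C}}, w \models \phi' \land \phi''$. Conversely, suppose that 
$\mathfrak{M}_{\mathsf{C}}, w \models \phi' \land \phi''$. Then, $\mathfrak{M}_{\mathsf{C}}, w \models \phi'$ and $\mathfrak{M}_{\mathsf{C}}, w \models \phi''$. Hence, $\phi' \in w$ and 
$\phi'' \in w$ by the induction hypotheses. Thus, ($\phi' \in w$ and $\phi'' \in w$) if and 
only if ($\mathfrak{M}_{\mathsf{C}}, w \models \phi'$ and $\mathfrak{M}_{\mathsf{C}}, w \models \phi''$). Whence $\phi' \land \phi'' \in w$ if and only if 
($\mathfrak{M}_{\mathsf{C}}, w \models \phi'$ and $\mathfrak{M}_{\mathsf{C}}, w \models \phi''$), by transitivity. 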

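4. Inductive step ($\phi := M :_a^{\mathcal{C}} \phi'$ for $M \in \mathcal{M}$, $a \in \mathcal{A}$, $\mathcal{C} \subseteq \mathcal{A}$, and $\phi' \in \mathcal{L}$). 

4.1 for all $w \in \mathcal{W}$, $\phi' \in w$ if and only if $\mathfrak{M}_{\mathsf{C}}, w \models \phi'$    ind. hyp. 

4.2 $w \in \mathcal{W}$    hyp. 

4.3 $M :_a^{\mathcal{C}} \phi' \in w$    hyp. 

4.4     hyp. 

4.5 $w \mathrel{{}_{M}\mathrm{C}_{a}^{\mathcal{C}}} w'$    hyp. 

4.6 $\{\, \phi'' \in \mathcal{L} \mid M :_a^{\mathcal{C}} \phi'' \in w \,\} \subseteq w'$    4.5 

4.7 $\phi' \in \{\, \phi'' \in \mathcal{L} \mid M :_a^{\mathcal{C}} \phi'' \in w \,\}$    4.3, 4.6 

4.8     4.6, 4.7 

4.9 $\mathfrak{M}_{\mathsf{C}}, w' \models \phi'$    4.1, 4.4, 4.8 

4.10 if $w \mathrel{{}_{M}\mathrm{C}_{a}^{\mathcal{C}}} w'$ then $\mathfrak{M}_{\mathsf{C}}, w' \models \phi'$    4.5-4.9 

4.11 for all $w' \in \mathcal{W}$, if $w \mathrel{{}_{M}\mathrm{C}_{a}^{\mathcal{C}}} w'$ then $\mathfrak{M}_{\mathsf{C}}, w' \models \phi'$    4.4-4.10 

4.12     4.11 

4.13 $M :_a^{\mathcal{C}} \phi' \notin w$    hyp. 

4.14 $\mathcal{F} = \{\, \phi'' \in \mathcal{L} \mid M :_a^{\mathcal{C}} \phi'' \in w \,\} \cup \{\neg\phi'\}$    hyp. 

4.15 $\mathcal{F}$ is LiP-inconsistent    hyp. 

4.16 there is $\{M :_a^{\mathcal{C}} \phi_1, \ldots, M :_a^{\mathcal{C}} \phi_n\} \subseteq w$ such that 
$\vdash_{\mathrm{LiP}} (\phi_1 \land \ldots \land \phi_n \land \neg\phi') \to \bot$    4.14, 4.15 

4.17 $\{M :_a^{\mathcal{C}} \phi_1, \ldots, M :_a^{\mathcal{C}} \phi_n\} \subseteq w$ and 
$\vdash_{\mathrm{LiP}} (\phi_1 \land \ldots \land \phi_n \land \neg\phi') \to \bot$    hyp. 

4.18 $\vdash_{\mathrm{LiP}} (\phi_1 \land \ldots \land \phi_n) \to \phi'$    4.17 

4.19 $\vdash_{\mathrm{LiP}} (M :_a^{\mathcal{C}} (\phi_1 \land \ldots \land \phi_n)) \to M :_a^{\mathcal{C}} \phi'$    4.18, regularity 

4.20 $\vdash_{\mathrm{LiP}} ((M :_a^{\mathcal{C}} \phi_1) \land \ldots \land (M :_a^{\mathcal{C}} \phi_n)) \to M :_a^{\mathcal{C}} \phi'$    4.19 

4.21 $M :_a^{\mathcal{C}} \phi' \in w$    4.17, 4.20, $w$ is maximal 

4.22 false    4.13, 4.21 

4.23 false    4.16, 4.17-4.22 

4.24 $\mathcal{F}$ is LiP-consistent    4.15-4.23 

4.25 there is $w' \supseteq \mathcal{F}$ s.t. $w'$ is maximally LiP-consistent    4.24 

4.26 $\mathcal{F} \subseteq w'$ and $w'$ is maximally LiP-consistent    hyp. 

4.27 $\{\, \phi'' \in \mathcal{L} \mid M :_a^{\mathcal{C}} \phi'' \in w \,\} \subseteq \mathcal{F}$    4.14 

4.28 $\{\, \phi'' \in \mathcal{L} \mid M :_a^{\mathcal{C}} \phi'' \in w \,\} \subseteq w'$    4.26, 4.27 

4.29 $w \mathrel{{}_{M}\mathrm{C}_{a}^{\mathcal{C}}} w'$    4.28 

4.30 $w' \in \mathcal{W}$    4.26 

4.31 $\neg\phi' \in \mathcal{F}$    4.14 

4.32 $\neg\phi' \in w'$    4.26, 4.31 

4.33 $\phi' \notin w'$    4.26 ($w'$ is LiP-consistent), 4.32 

4.34 $\mathfrak{M}_{\mathsf{C}}, w' \not\models \phi'$    4.1, 4.33 

4.35 there is $w' \in \mathcal{W}$ s.t. $w \mathrel{{}_{M}\mathrm{C}_{a}^{\mathcal{C}}} w'$ and $\mathfrak{M}_{\mathsf{C}}, w' \not\models \phi'$    4.29, 4.34 

4.36 $\mathfrak{M}_{\mathsf{C}}, w \not\models M :_a^{\mathcal{C}} \phi'$    4.35 

4.37 $\mathfrak{M}_{\mathsf{C}}, w \not\models M :_a^{\mathcal{C}} \phi'$    4.25, 4.26-4.36 

4.38 $\mathfrak{M}_{\mathsf{C}}, w \not\models M :_a^{\mathcal{C}} \phi'$    4.14-4.37 

4.39 $M :_a^{\mathcal{C}} \phi' \in w$ if and only if $\mathfrak{M}_{\mathsf{C}}, w \models M :_a^{\mathcal{C}} \phi'$    4.3-4.12, 4.13-4.38 

4.40 for all $w \in \mathcal{W}$, $M :_a^{\mathcal{C}} \phi' \in w$ if and only if $\mathfrak{M}_{\mathsf{C}}, w \models M :_a^{\mathcal{C}} \phi'$    4.2-4.39 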

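With the Truth Lemma we can now prove that for all $\phi \in \mathcal{L}$, if $\not\vdash_{\mathrm{LiP}} \phi$ then 
$\not\models \phi$. Let $\phi \in \mathcal{L}$, and suppose that $\not\vdash_{\mathrm{LiP}} \phi$. Thus, $\{\neg\phi\}$ is LiP-consistent, and 
can be extended to a maximally LiP-consistent set $w$, i.e., $\neg\phi \in w \in \mathcal{W}$. Hence 
$\mathfrak{M}_{\mathsf{C}}, w \models \neg\phi$, by the Truth Lemma. Thus: $\mathfrak{M}_{\mathsf{C}}, w \not\models \phi$, $\mathfrak{M}_{\mathsf{C}} \not\models \phi$, and $\not\models \phi$. 
That is, $\mathfrak{M}_{\mathsf{C}}$ is a universal (for all $\phi \in \mathcal{L}$) counter-model (if $\phi$ is a non-theorem 
then $\mathfrak{M}_{\mathsf{C}}$ falsifies $\phi$). 

We are left to prove that $\mathfrak{M}_{\mathsf{C}}$ is also an LiP-model. So let us instantiate our 
data mining operator $\mathrm{cl}_a$ (cf. Page 18) on $\mathcal{W}$ by letting for all $w \in \mathcal{W}$ 

$\mathrm{msgs}_a(w) := \{\, M \mid a\,\mathsf{k}\,M \in w \,\}$, 

and let us prove that: 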
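1. (a) for all $w \in \mathcal{W}$, if $M \in \mathrm{cl}_a^{w}(\emptyset)$ then $w \mathrel{{}_{M}\mathrm{C}_{a}^{\mathcal{C}}} w$ 

(b) for all $\mathcal{C}' \subseteq \mathcal{A}$, if $\mathcal{C} \subseteq \mathcal{C}'$ then ${}_{M}\mathrm{C}_{a}^{\mathcal{C}} \subseteq {}_{M}\mathrm{C}_{a}^{\mathcal{C}'}$ 

(c) for all $w, w', w'' \in \mathcal{W}$, if $w \mathrel{{}_{M}\mathrm{C}_{a}^{\mathcal{C}}} w'$ and $w' \mathrel{{}_{M}\mathrm{C}_{a}^{\mathcal{C}}} w''$ then $w \mathrel{{}_{M}\mathrm{C}_{a}^{\mathcal{C}}} w''$ 

2. for all $w \in \mathcal{W}$: 

(a) if (for all $w' \in \mathcal{W}$, $M \in \mathrm{cl}_a^{w'}(\emptyset)$ implies $M' \in \mathrm{cl}_a^{w'}(\emptyset)$) then ${}_{w}[\![M']\!]_a^{\mathcal{C}} \subseteq {}_{w}[\![M]\!]_a^{\mathcal{C}}$ 

(b) if $\phi \to \phi' \in {}_{w}[\![M]\!]_a^{\mathcal{C}}$ and $\phi \in {}_{w}[\![M']\!]_a^{\mathcal{C}}$ then $\phi' \in {}_{w}[\![(M, M')]\!]_a^{\mathcal{C}}$ 

(c) if $\phi \in {}_{w}[\![M]\!]_a^{\mathcal{C}}$ then for all $b \in \mathcal{C} \cup \{a\}$, $a\,\mathsf{k}\,M \land M :_a^{\mathcal{C}} \phi \in {}_{w}[\![\{\!\![M]\!\!\}_a]\!]_b^{\mathcal{C} \cup \{a\}}$ 
where 

${}_{w}[\![M]\!]_a^{\mathcal{C}} := \{\, \phi \in \mathcal{L} \mid \mathfrak{M}_{\mathsf{C}}, w \models M :_a^{\mathcal{C}} \phi \,\}$. 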

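For (1.a), let $w \in \mathcal{W}$ and suppose that $M \in \mathrm{cl}_a^{w}(\emptyset)$. Hence $a\,\mathsf{k}\,M \in w$ due to 
the maximality of $w$, which contains all the term axioms corresponding to the 
defining clauses of $\mathrm{cl}_a^{w}$. Further suppose that $M :_a^{\mathcal{C}} \phi \in w$. Since $w$ is maximal, 

$(M :_a^{\mathcal{C}} \phi) \to (a\,\mathsf{k}\,M \to \phi) \in w$ (epistemic truthfulness). 

Hence, $a\,\mathsf{k}\,M \to \phi \in w$, and $\phi \in w$, by consecutive modus ponens. 

For (1.b), let $\mathcal{C}' \subseteq \mathcal{A}$ and suppose that $\mathcal{C} \subseteq \mathcal{C}'$. That is, $\mathcal{C} \cup \mathcal{C}' = \mathcal{C}'$. Further, 
let $w, w' \in \mathcal{W}$ and suppose that $w \mathrel{{}_{M}\mathrm{C}_{a}^{\mathcal{C}}} w'$. That is, for all $\phi \in \mathcal{L}$, if $(M :_a^{\mathcal{C}} \phi) \in w$ 
then $\phi \in w'$. Furthermore, let $\phi \in \mathcal{L}$ and suppose that $(M :_a^{\mathcal{C}'} \phi) \in w$. Thus 
$(M :_a^{\mathcal{C} \cup \mathcal{C}'} \phi) \in w$. Since $w$ is maximal, 

$(M :_a^{\mathcal{C} \cup \mathcal{C}'} \phi) \to M :_a^{\mathcal{C}} \phi \in w$ (group decomposition). 

Hence $(M :_a^{\mathcal{C}} \phi) \in w$ by modus ponens, and thus $\phi \in w'$. 

For (1.c), let $w, w', w'' \in \mathcal{W}$ and suppose that $w \mathrel{{}_{M}\mathrm{C}_{a}^{\mathcal{C}}} w'$ and $w' \mathrel{{}_{M}\mathrm{C}_{a}^{\mathcal{C}}} w''$. 
Further suppose that $M :_a^{\mathcal{C}} \phi \in w$. Since $w$ is maximal, 

$(M :_a^{\mathcal{C}} \phi) \to \bigwedge_{b \in \mathcal{C} \cup \{a\}} (\{\!\![M]\!\!\}_a :_b^{\mathcal{C} \cup \{a\}} (M :_a^{\mathcal{C}} \phi)) \in w$ (peer review, short). 

Hence $\bigwedge_{b \in \mathcal{C} \cup \{a\}} (\{\!\![M]\!\!\}_a :_b^{\mathcal{C} \cup \{a\}} (M :_a^{\mathcal{C}} \phi)) \in w$ by modus ponens, and thus for all 
$b \in \mathcal{C} \cup \{a\}$, $\{\!\![M]\!\!\}_a :_b^{\mathcal{C} \cup \{a\}} (M :_a^{\mathcal{C}} \phi) \in w$, in particular $\{\!\![M]\!\!\}_a :_a^{\mathcal{C} \cup \{a\}} (M :_a^{\mathcal{C}} \phi) \in w$. 
Since $w$ is maximal, 

$(\{\!\![M]\!\!\}_a :_a^{\mathcal{C} \cup \{a\}} (M :_a^{\mathcal{C}} \phi)) \to \{\!\![M]\!\!\}_a :_a^{\mathcal{C}} (M :_a^{\mathcal{C}} \phi) \in w$ (group decomposition). 

Hence $\{\!\![M]\!\!\}_a :_a^{\mathcal{C}} (M :_a^{\mathcal{C}} \phi) \in w$ by modus ponens. Since $w$ is maximal, 

$(\{\!\![M]\!\!\}_a :_a^{\mathcal{C}} (M :_a^{\mathcal{C}} \phi)) \to M :_a^{\mathcal{C}} (M :_a^{\mathcal{C}} \phi) \in w$ (self-signing elimination). 

Hence $M :_a^{\mathcal{C}} (M :_a^{\mathcal{C}} \phi) \in w$ by modus ponens. Hence, $M :_a^{\mathcal{C}} \phi \in w'$ by $w \mathrel{{}_{M}\mathrm{C}_{a}^{\mathcal{C}}} w'$, 
and then $\phi \in w''$ by $w' \mathrel{{}_{M}\mathrm{C}_{a}^{\mathcal{C}}} w''$. 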
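For the rest, let $w \in \mathcal{W}$. 

For (2.a), suppose that for all $w' \in \mathcal{W}$, $M \in \mathrm{cl}_a^{w'}(\emptyset)$ implies $M' \in \mathrm{cl}_a^{w'}(\emptyset)$. 
Hence for all $w' \in \mathcal{W}$, $a\,\mathsf{k}\,M \in w'$ implies $a\,\mathsf{k}\,M' \in w'$ due to the maximality of 
$w'$, which contains all the term axioms corresponding to the defining clauses of 
$\mathrm{cl}_a^{w'}$. Hence for all $w' \in \mathcal{W}$, $\mathfrak{M}_{\mathsf{C}}, w' \models a\,\mathsf{k}\,M$ implies $\mathfrak{M}_{\mathsf{C}}, w' \models a\,\mathsf{k}\,M'$, by the 
Truth Lemma. Thus for all $w' \in \mathcal{W}$, $\mathfrak{M}_{\mathsf{C}}, w' \models a\,\mathsf{k}\,M \to a\,\mathsf{k}\,M'$. Hence for all 
$w' \in \mathcal{W}$, $a\,\mathsf{k}\,M \to a\,\mathsf{k}\,M' \in w'$ by the Truth Lemma. Hence also: 

• for all $w' \in \mathcal{W}$, $(M' :_a^{\mathcal{C}} \phi) \to M :_a^{\mathcal{C}} \phi \in w'$ by the universality of the canonical 
model and epistemic antitonicity 

• in particular, $(M' :_a^{\mathcal{C}} \phi) \to M :_a^{\mathcal{C}} \phi \in w$. 

Further, let $\phi \in \mathcal{L}$ and suppose that $\phi \in {}_{w}[\![M']\!]_a^{\mathcal{C}}$. Thus, $\mathfrak{M}_{\mathsf{C}}, w \models M' :_a^{\mathcal{C}} \phi$ by 
definition, and $M' :_a^{\mathcal{C}} \phi \in w$ by the Truth Lemma. Hence $M :_a^{\mathcal{C}} \phi \in w$ by modus 
ponens. Thus $\mathfrak{M}_{\mathsf{C}}, w \models M :_a^{\mathcal{C}} \phi$ by the Truth Lemma, and thus $\phi \in {}_{w}[\![M]\!]_a^{\mathcal{C}}$ by 
definition. 

For (2.b), suppose that $\phi \to \phi' \in {}_{w}[\![M]\!]_a^{\mathcal{C}}$ and $\phi \in {}_{w}[\![M']\!]_a^{\mathcal{C}}$. Thus, $\mathfrak{M}_{\mathsf{C}}, w \models 
M :_a^{\mathcal{C}} (\phi \to \phi')$ and $\mathfrak{M}_{\mathsf{C}}, w \models M' :_a^{\mathcal{C}} \phi$, by definition. Hence, $M :_a^{\mathcal{C}} (\phi \to \phi') \in w$ 
and $M' :_a^{\mathcal{C}} \phi \in w$, by the Truth Lemma. Since $w$ is maximal, 

$(M :_a^{\mathcal{C}} (\phi \to \phi')) \to ((M' :_a^{\mathcal{C}} \phi) \to (M, M') :_a^{\mathcal{C}} \phi') \in w$ (generalised Kripke-law). 

Hence, $(M' :_a^{\mathcal{C}} \phi) \to (M, M') :_a^{\mathcal{C}} \phi' \in w$, and $(M, M') :_a^{\mathcal{C}} \phi' \in w$, by consecutive 
modus ponens. Thus $\mathfrak{M}_{\mathsf{C}}, w \models (M, M') :_a^{\mathcal{C}} \phi'$ by the Truth Lemma, and $\phi' \in 
{}_{w}[\![(M, M')]\!]_a^{\mathcal{C}}$ by definition. 

For (2.c) suppose that $\phi \in {}_{w}[\![M]\!]_a^{\mathcal{C}}$ and $b \in \mathcal{C} \cup \{a\}$. Hence, $\mathfrak{M}_{\mathsf{C}}, w \models M :_a^{\mathcal{C}} \phi$ 
by definition, and $M :_a^{\mathcal{C}} \phi \in w$ by the Truth Lemma. Let $w' \in \mathcal{W}$ and suppose 
that $w \mathrel{{}_{\{\!\![M]\!\!\}_a}\mathrm{C}_{b}^{\mathcal{C} \cup \{a\}}} w'$. Thus $\{\, \phi' \in \mathcal{L} \mid \{\!\![M]\!\!\}_a :_b^{\mathcal{C} \cup \{a\}} \phi' \in w \,\} \subseteq w'$ by definition. 
Since $w$ is maximal, 

$(M :_a^{\mathcal{C}} \phi) \to \bigwedge_{b \in \mathcal{C} \cup \{a\}} (\{\!\![M]\!\!\}_a :_b^{\mathcal{C} \cup \{a\}} (a\,\mathsf{k}\,M \land M :_a^{\mathcal{C}} \phi)) \in w$ (peer review). 

Hence, $\bigwedge_{b \in \mathcal{C} \cup \{a\}} (\{\!\![M]\!\!\}_a :_b^{\mathcal{C} \cup \{a\}} (a\,\mathsf{k}\,M \land M :_a^{\mathcal{C}} \phi)) \in w$, and $\{\!\![M]\!\!\}_a :_b^{\mathcal{C} \cup \{a\}} (a\,\mathsf{k}\,M \land 
M :_a^{\mathcal{C}} \phi) \in w$, by consecutive modus ponens; and hence $a\,\mathsf{k}\,M \land M :_a^{\mathcal{C}} \phi \in w'$. 
Thus $\mathfrak{M}_{\mathsf{C}}, w' \models a\,\mathsf{k}\,M \land M :_a^{\mathcal{C}} \phi$ by the Truth Lemma. Discharging hypotheses, 
$\mathfrak{M}_{\mathsf{C}}, w \models \{\!\![M]\!\!\}_a :_b^{\mathcal{C} \cup \{a\}} (a\,\mathsf{k}\,M \land M :_a^{\mathcal{C}} \phi)$. Thus $a\,\mathsf{k}\,M \land M :_a^{\mathcal{C}} \phi \in {}_{w}[\![\{\!\![M]\!\!\}_a]\!]_b^{\mathcal{C} \cup \{a\}}$ 
by definition. □ 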

B Other proofs 

B.1 Proof of Theorem 1 

Let "PT" abbreviate "propositional tautology" and "PL" "propositional logic", 
and let PT and PL refer to the propositional fragment of LiP only. 
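1. (a) $\vdash_{\mathrm{LiP}} a\,\mathsf{k}\,(M, M') \to (a\,\mathsf{k}\,M \land a\,\mathsf{k}\,M')$    unpairing 
(b) $\vdash_{\mathrm{LiP}} (a\,\mathsf{k}\,M \land a\,\mathsf{k}\,M') \to a\,\mathsf{k}\,M$    PT 
(c) $\vdash_{\mathrm{LiP}} a\,\mathsf{k}\,(M, M') \to a\,\mathsf{k}\,M$    a, b, PL. 

2. Symmetrically to 1. 

3. (a) $\vdash_{\mathrm{LiP}} a\,\mathsf{k}\,(M, M) \to a\,\mathsf{k}\,M$    left or right projection 
(b) $\vdash_{\mathrm{LiP}} a\,\mathsf{k}\,M \to (a\,\mathsf{k}\,M \land a\,\mathsf{k}\,M)$    PT 
(c) $\vdash_{\mathrm{LiP}} (a\,\mathsf{k}\,M \land a\,\mathsf{k}\,M) \to a\,\mathsf{k}\,(M, M)$    pairing 
(d) $\vdash_{\mathrm{LiP}} a\,\mathsf{k}\,M \to a\,\mathsf{k}\,(M, M)$    b, c, PL 
(e) $\vdash_{\mathrm{LiP}} a\,\mathsf{k}\,(M, M) \leftrightarrow a\,\mathsf{k}\,M$    a, d, PL. 

4. (a) $\vdash_{\mathrm{LiP}} (a\,\mathsf{k}\,M \land a\,\mathsf{k}\,M') \leftrightarrow a\,\mathsf{k}\,(M, M')$    [un]pairing 
(b) $\vdash_{\mathrm{LiP}} (a\,\mathsf{k}\,M' \land a\,\mathsf{k}\,M) \leftrightarrow a\,\mathsf{k}\,(M', M)$    [un]pairing 
(c) $\vdash_{\mathrm{LiP}} (a\,\mathsf{k}\,M \land a\,\mathsf{k}\,M') \leftrightarrow (a\,\mathsf{k}\,M' \land a\,\mathsf{k}\,M)$    PT 
(d) $\vdash_{\mathrm{LiP}} a\,\mathsf{k}\,(M, M') \leftrightarrow a\,\mathsf{k}\,(M', M)$    a, b, c, PL. 

5. (a) $\vdash_{\mathrm{LiP}} (a\,\mathsf{k}\,M \to a\,\mathsf{k}\,M') \leftrightarrow (a\,\mathsf{k}\,M \to (a\,\mathsf{k}\,M \land a\,\mathsf{k}\,M'))$    PT 
(b) $\vdash_{\mathrm{LiP}} (a\,\mathsf{k}\,M \land a\,\mathsf{k}\,M') \leftrightarrow a\,\mathsf{k}\,(M, M')$    [un]pairing 
(c) $\vdash_{\mathrm{LiP}} (a\,\mathsf{k}\,M \to a\,\mathsf{k}\,M') \leftrightarrow (a\,\mathsf{k}\,M \to a\,\mathsf{k}\,(M, M'))$    a, b, PL 
(d) $\vdash_{\mathrm{LiP}} a\,\mathsf{k}\,(M, M') \to a\,\mathsf{k}\,M$    left projection 
(e) $\vdash_{\mathrm{LiP}} (a\,\mathsf{k}\,M \to a\,\mathsf{k}\,M') \leftrightarrow (a\,\mathsf{k}\,(M, M') \leftrightarrow a\,\mathsf{k}\,M)$    c, d, PL. 

6. (a) $\vdash_{\mathrm{LiP}} a\,\mathsf{k}\,a$    knowledge of one's own name 
(b) $\vdash_{\mathrm{LiP}} a\,\mathsf{k}\,a \to (a\,\mathsf{k}\,M \to a\,\mathsf{k}\,a)$    PT 
(c) $\vdash_{\mathrm{LiP}} a\,\mathsf{k}\,M \to a\,\mathsf{k}\,a$    b, c, PL 
(d) $\vdash_{\mathrm{LiP}} (a\,\mathsf{k}\,M \to a\,\mathsf{k}\,a) \to (a\,\mathsf{k}\,(M, a) \leftrightarrow a\,\mathsf{k}\,M)$    neutral pair elements 
(e) $\vdash_{\mathrm{LiP}} a\,\mathsf{k}\,(M, a) \leftrightarrow a\,\mathsf{k}\,M$    c, d, PL. 

7. (a) $\vdash_{\mathrm{LiP}} (a\,\mathsf{k}\,M \land a\,\mathsf{k}\,(M', M'')) \leftrightarrow a\,\mathsf{k}\,(M, (M', M''))$    [un]pairing 
(b) $\vdash_{\mathrm{LiP}} (a\,\mathsf{k}\,M' \land a\,\mathsf{k}\,M'') \leftrightarrow a\,\mathsf{k}\,(M', M'')$    [un]pairing 
(c) $\vdash_{\mathrm{LiP}} (a\,\mathsf{k}\,M \land (a\,\mathsf{k}\,M' \land a\,\mathsf{k}\,M'')) \leftrightarrow a\,\mathsf{k}\,(M, (M', M''))$    a, b, PL 
(d) $\vdash_{\mathrm{LiP}} (a\,\mathsf{k}\,M \land (a\,\mathsf{k}\,M' \land a\,\mathsf{k}\,M'')) \leftrightarrow ((a\,\mathsf{k}\,M \land a\,\mathsf{k}\,M') \land a\,\mathsf{k}\,M'')$    PT 
(e) $\vdash_{\mathrm{LiP}} ((a\,\mathsf{k}\,M \land a\,\mathsf{k}\,M') \land a\,\mathsf{k}\,M'') \leftrightarrow a\,\mathsf{k}\,(M, (M', M''))$    c, d, PL 
(f) $\vdash_{\mathrm{LiP}} (a\,\mathsf{k}\,M \land a\,\mathsf{k}\,M') \leftrightarrow a\,\mathsf{k}\,(M, M')$    [un]pairing 
(g) $\vdash_{\mathrm{LiP}} (a\,\mathsf{k}\,(M, M') \land a\,\mathsf{k}\,M'') \leftrightarrow a\,\mathsf{k}\,(M, (M', M''))$    e, f, PL 
(h) $\vdash_{\mathrm{LiP}} (a\,\mathsf{k}\,(M, M') \land a\,\mathsf{k}\,M'') \leftrightarrow a\,\mathsf{k}\,((M, M'), M'')$    [un]pairing 
(i) $\vdash_{\mathrm{LiP}} a\,\mathsf{k}\,(M, (M', M'')) \leftrightarrow a\,\mathsf{k}\,((M, M'), M'')$    g, h, PL. 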

8. By propositional logic and epistemic antitonicity. 
• 9-10 and 17 follow directly from epistemic antitonicity and the corresponding 
pairing laws by propositional logic. 

11. By propositional logic directly from proof extension left and right. 



• 12-13 and 15-16 follow directly from epistemic bitonicity and the corre- 
sponding pairing laws by propositional logic. 



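14. (a) $\vdash_{\mathrm{LiP}} a\,\mathsf{k}\,M \to a\,\mathsf{k}\,M'$    hypothesis 
(b) $\vdash_{\mathrm{LiP}} (a\,\mathsf{k}\,M \to a\,\mathsf{k}\,M') \leftrightarrow (a\,\mathsf{k}\,(M, M') \leftrightarrow a\,\mathsf{k}\,M)$    neutral pair elements 
(c) $\vdash_{\mathrm{LiP}} a\,\mathsf{k}\,(M, M') \leftrightarrow a\,\mathsf{k}\,M$    a, b, PL 
(d) $\{a\,\mathsf{k}\,(M, M') \leftrightarrow a\,\mathsf{k}\,M\} \vdash_{\mathrm{LiP}} ((M, M') :_a^{\mathcal{C}} \phi) \leftrightarrow M :_a^{\mathcal{C}} \phi$    epistemic bitonicity 
(e) $\vdash_{\mathrm{LiP}} ((M, M') :_a^{\mathcal{C}} \phi) \leftrightarrow M :_a^{\mathcal{C}} \phi$    c, d, PL 
(f) $\{a\,\mathsf{k}\,M \to a\,\mathsf{k}\,M'\} \vdash_{\mathrm{LiP}} ((M, M') :_a^{\mathcal{C}} \phi) \leftrightarrow M :_a^{\mathcal{C}} \phi$    a-e, definition. 

18. (a) $\vdash_{\mathrm{LiP}} ((M :_a^{\mathcal{C}} \phi) \lor b :_a^{\mathcal{C}} \phi) \to (M, b) :_a^{\mathcal{C}} \phi$    proof extension 
(b) $\vdash_{\mathrm{LiP}} a\,\mathsf{k}\,\{\!\![M]\!\!\}_b \to a\,\mathsf{k}\,(M, b)$    signature analysis 
(c) $\vdash_{\mathrm{LiP}} ((M, b) :_a^{\mathcal{C}} \phi) \to \{\!\![M]\!\!\}_b :_a^{\mathcal{C}} \phi$    b, epistemic antitonicity 
(d) $\vdash_{\mathrm{LiP}} ((M :_a^{\mathcal{C}} \phi) \lor b :_a^{\mathcal{C}} \phi) \to \{\!\![M]\!\!\}_b :_a^{\mathcal{C}} \phi$    a, c, PL. 

19. (a) $\vdash_{\mathrm{LiP}} (\{\!\![M]\!\!\}_a :_a^{\mathcal{C}} \phi) \to M :_a^{\mathcal{C}} \phi$    self-signing elimination 
(b) $\vdash_{\mathrm{LiP}} ((M :_a^{\mathcal{C}} \phi) \lor a :_a^{\mathcal{C}} \phi) \to \{\!\![M]\!\!\}_a :_a^{\mathcal{C}} \phi$    signing introduction 
(c) $\vdash_{\mathrm{LiP}} (M :_a^{\mathcal{C}} \phi) \to \{\!\![M]\!\!\}_a :_a^{\mathcal{C}} \phi$    b, PL 
(d) $\vdash_{\mathrm{LiP}} (\{\!\![M]\!\!\}_a :_a^{\mathcal{C}} \phi) \leftrightarrow M :_a^{\mathcal{C}} \phi$    a, c, PL. 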

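20. Suppose that $\mathcal{A} = \{a\}$. 

(a) Let us proceed by induction over $M \in \mathcal{M}$. 

i. base case, i.e., $M := b$, for $b \in \mathcal{A}$. Hence $b = a$, and thus 
$\vdash_{\mathrm{LiP}} a\,\mathsf{k}\,b$ because $\vdash_{\mathrm{LiP}} a\,\mathsf{k}\,a$. 

ii. inductive step for $M := \{\!\![M']\!\!\}_b$, for $M' \in \mathcal{M}$ and $b \in \mathcal{A}$. Hence 
$b = a$, and thus $\vdash_{\mathrm{LiP}} a\,\mathsf{k}\,M' \to a\,\mathsf{k}\,\{\!\![M']\!\!\}_b$ because $\vdash_{\mathrm{LiP}} a\,\mathsf{k}\,M' \to 
a\,\mathsf{k}\,\{\!\![M']\!\!\}_a$. Suppose that $\vdash_{\mathrm{LiP}} a\,\mathsf{k}\,M'$. Hence $\vdash_{\mathrm{LiP}} a\,\mathsf{k}\,\{\!\![M']\!\!\}_b$ by 
modus ponens. 

iii. inductive step for $M := (M', M'')$, for $M', M'' \in \mathcal{M}$. Suppose 
that $\vdash_{\mathrm{LiP}} a\,\mathsf{k}\,M'$ and $\vdash_{\mathrm{LiP}} a\,\mathsf{k}\,M''$. Hence $\vdash_{\mathrm{LiP}} a\,\mathsf{k}\,M' \land a\,\mathsf{k}\,M''$, by 
propositional logic. Now, $\vdash_{\mathrm{LiP}} (a\,\mathsf{k}\,M' \land a\,\mathsf{k}\,M'') \to a\,\mathsf{k}\,(M', M'')$, 
and hence $\vdash_{\mathrm{LiP}} a\,\mathsf{k}\,(M', M'')$, by modus ponens. 

(b) i. $\vdash_{\mathrm{LiP}} a\,\mathsf{k}\,(M, M')$    total knowledge 

ii. $\vdash_{\mathrm{LiP}} a\,\mathsf{k}\,M \land a\,\mathsf{k}\,M'$    i, unpairing 

iii. $\vdash_{\mathrm{LiP}} a\,\mathsf{k}\,M \leftrightarrow a\,\mathsf{k}\,M'$    ii, propositional logic. 

(c) Jointly from b and epistemic bitonicity by propositional logic. 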
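
The laws of individual knowledge used in the proof of Theorem 1 above (knowledge of one's own name, pairing and unpairing, signature analysis, and the self-signing step of 20(a)ii) can be read as a Dolev-Yao-style derivability check for $a\,\mathsf{k}\,M$. The following Python code is an added example, not code from the paper: the class and function names are hypothetical, base data is modelled as opaque atoms that are known only if received, and the restriction that an agent synthesises only its own signatures is an assumption of the example.

```python
"""Decide individual knowledge 'a k M' from a set of received terms."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Name:            # agent name, e.g. a or b
    id: str


@dataclass(frozen=True)
class Data:            # application-specific base data (opaque atom)
    value: str


@dataclass(frozen=True)
class Pair:            # the pair (M, M')
    left: object
    right: object


@dataclass(frozen=True)
class Sig:             # {[M]}_b: the term M signed by agent b
    body: object
    signer: Name


def analyse(agent, received):
    """Saturate the received terms under the decomposition laws:
    knowledge of one's own name, unpairing, and signature analysis
    (knowing {[M]}_b yields M and b)."""
    known, todo = set(), [agent, *received]
    while todo:
        term = todo.pop()
        if term in known:
            continue
        known.add(term)
        if isinstance(term, Pair):
            todo += [term.left, term.right]
        elif isinstance(term, Sig):
            todo += [term.body, term.signer]
    return known


def knows(agent, received, term):
    """True iff 'agent k term' is derivable from the received terms."""
    known = analyse(agent, received)

    def synth(m):
        if m in known:
            return True
        if isinstance(m, Pair):                       # pairing
            return synth(m.left) and synth(m.right)
        if isinstance(m, Sig):                        # self-signing only
            return m.signer == agent and synth(m.body)
        return False

    return synth(term)


if __name__ == "__main__":
    a, b = Name("a"), Name("b")
    order = Data("order")                             # constructed sample data
    received = {Sig(Pair(order, Data("42")), b)}
    print(knows(a, received, order))                  # signature analysis, unpairing
    print(knows(a, received, Sig(order, b)))          # b's signature cannot be built
    print(knows(a, set(), Sig(Pair(a, Sig(a, a)), a)))  # single-agent terms, law 20(a)
```

Because signature analysis needs no key, decomposition can be saturated first and composition checked afterwards without missing any derivation.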
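B.2 Proof of Theorem 2 

1. (a) $\vdash_{\mathrm{LiP}} (M :_a^{\mathcal{C}} (\phi \to \phi')) \to ((M :_a^{\mathcal{C}} \phi) \to (M, M) :_a^{\mathcal{C}} \phi')$    GK 
(b) $\vdash_{\mathrm{LiP}} ((M, M) :_a^{\mathcal{C}} \phi') \to M :_a^{\mathcal{C}} \phi'$    proof idempotency 
(c) $\vdash_{\mathrm{LiP}} (M :_a^{\mathcal{C}} (\phi \to \phi')) \to ((M :_a^{\mathcal{C}} \phi) \to M :_a^{\mathcal{C}} \phi')$    a, b, PL. 

2. (a) $\{\phi \to \phi'\} \subseteq \mathrm{LiP}$    hypothesis 
(b) $(\phi \to \phi') \in \mathrm{LiP}$    a, definition 
(c) $\vdash_{\mathrm{LiP}} \phi \to \phi'$    b, definition 
(d) $\vdash_{\mathrm{LiP}} M :_a^{\mathcal{C}} (\phi \to \phi')$    c, necessitation 
(e) $\vdash_{\mathrm{LiP}} (M :_a^{\mathcal{C}} (\phi \to \phi')) \to ((M :_a^{\mathcal{C}} \phi) \to M :_a^{\mathcal{C}} \phi')$    K 
(f) $\vdash_{\mathrm{LiP}} (M :_a^{\mathcal{C}} \phi) \to M :_a^{\mathcal{C}} \phi'$    d, e, PL 
(g) $((M :_a^{\mathcal{C}} \phi) \to M :_a^{\mathcal{C}} \phi') \in \mathrm{LiP}$    f, definition 
(h) $\{\phi \to \phi'\} \vdash_{\mathrm{LiP}} (M :_a^{\mathcal{C}} \phi) \to M :_a^{\mathcal{C}} \phi'$    a-g, definition. 

3. (a) $\{\phi \leftrightarrow \phi'\} \subseteq \mathrm{LiP}$    hypothesis 
(b) $(\phi \leftrightarrow \phi') \in \mathrm{LiP}$    a, definition 
(c) $\vdash_{\mathrm{LiP}} \phi \leftrightarrow \phi'$    b, definition 
(d) $\vdash_{\mathrm{LiP}} \phi \to \phi'$    c, PL 
(e) $\vdash_{\mathrm{LiP}} (M :_a^{\mathcal{C}} \phi) \to M :_a^{\mathcal{C}} \phi'$    d, regularity 
(f) $\vdash_{\mathrm{LiP}} \phi' \to \phi$    c, PL 
(g) $\vdash_{\mathrm{LiP}} (M :_a^{\mathcal{C}} \phi') \to M :_a^{\mathcal{C}} \phi$    f, regularity 
(h) $\vdash_{\mathrm{LiP}} (M :_a^{\mathcal{C}} \phi) \leftrightarrow M :_a^{\mathcal{C}} \phi'$    e, g, PL 
(i) $((M :_a^{\mathcal{C}} \phi) \leftrightarrow M :_a^{\mathcal{C}} \phi') \in \mathrm{LiP}$    h, definition 
(j) $\{\phi \leftrightarrow \phi'\} \vdash_{\mathrm{LiP}} (M :_a^{\mathcal{C}} \phi) \leftrightarrow M :_a^{\mathcal{C}} \phi'$    a-i, definition. 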

4. By regularity, epistemic antitonicity, and the transitivity of 

5. By epistemic regularity and propositional logic. 



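6. (a) $\vdash_{\mathrm{LiP}} (M :_a^{\mathcal{C}} (\phi' \to (\phi \land \phi'))) \to ((M' :_a^{\mathcal{C}} \phi') \to (M, M') :_a^{\mathcal{C}} (\phi \land \phi'))$    GK 
(b) $\vdash_{\mathrm{LiP}} \phi \to (\phi' \to (\phi \land \phi'))$    PT 
(c) $\vdash_{\mathrm{LiP}} (M :_a^{\mathcal{C}} \phi) \to M :_a^{\mathcal{C}} (\phi' \to (\phi \land \phi'))$    b, regularity 
(d) $\vdash_{\mathrm{LiP}} (M :_a^{\mathcal{C}} \phi) \to ((M' :_a^{\mathcal{C}} \phi') \to (M, M') :_a^{\mathcal{C}} (\phi \land \phi'))$    a, c, PL 
(e) $\vdash_{\mathrm{LiP}} ((M :_a^{\mathcal{C}} \phi) \land M' :_a^{\mathcal{C}} \phi') \to (M, M') :_a^{\mathcal{C}} (\phi \land \phi')$    d, PL. 

7. (a) $\vdash_{\mathrm{LiP}} ((M :_a^{\mathcal{C}} \phi) \land M :_a^{\mathcal{C}} \phi') \to (M, M) :_a^{\mathcal{C}} (\phi \land \phi')$    proof conjunctions 
(b) $\vdash_{\mathrm{LiP}} ((M, M) :_a^{\mathcal{C}} (\phi \land \phi')) \leftrightarrow M :_a^{\mathcal{C}} (\phi \land \phi')$    proof idempotency 
(c) $\vdash_{\mathrm{LiP}} ((M :_a^{\mathcal{C}} \phi) \land M :_a^{\mathcal{C}} \phi') \to M :_a^{\mathcal{C}} (\phi \land \phi')$    a, b, PL 
(d) $\vdash_{\mathrm{LiP}} (\phi \land \phi') \to \phi$    PT 
(e) $\vdash_{\mathrm{LiP}} (M :_a^{\mathcal{C}} (\phi \land \phi')) \to M :_a^{\mathcal{C}} \phi$    d, regularity 
(f) $\vdash_{\mathrm{LiP}} (\phi \land \phi') \to \phi'$    PT 
(g) $\vdash_{\mathrm{LiP}} (M :_a^{\mathcal{C}} (\phi \land \phi')) \to M :_a^{\mathcal{C}} \phi'$    f, regularity 
(h) $\vdash_{\mathrm{LiP}} (M :_a^{\mathcal{C}} (\phi \land \phi')) \to ((M :_a^{\mathcal{C}} \phi) \land M :_a^{\mathcal{C}} \phi')$    e, g, PL 
(i) $\vdash_{\mathrm{LiP}} ((M :_a^{\mathcal{C}} \phi) \land M :_a^{\mathcal{C}} \phi') \leftrightarrow M :_a^{\mathcal{C}} (\phi \land \phi')$    c, h, PL. 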


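8. (a) $\vdash_{\mathrm{LiP}} (M :_a^{\mathcal{C}} \phi) \to (M, M') :_a^{\mathcal{C}} \phi$    proof extension, right 
(b) $\vdash_{\mathrm{LiP}} \phi \to (\phi \lor \phi')$    PT 
(c) $\vdash_{\mathrm{LiP}} ((M, M') :_a^{\mathcal{C}} \phi) \to (M, M') :_a^{\mathcal{C}} (\phi \lor \phi')$    b, regularity 
(d) $\vdash_{\mathrm{LiP}} (M :_a^{\mathcal{C}} \phi) \to (M, M') :_a^{\mathcal{C}} (\phi \lor \phi')$    a, c, PL 
(e) $\vdash_{\mathrm{LiP}} (M' :_a^{\mathcal{C}} \phi') \to (M, M') :_a^{\mathcal{C}} \phi'$    proof extension, left 
(f) $\vdash_{\mathrm{LiP}} \phi' \to (\phi \lor \phi')$    PT 
(g) $\vdash_{\mathrm{LiP}} ((M, M') :_a^{\mathcal{C}} \phi') \to (M, M') :_a^{\mathcal{C}} (\phi \lor \phi')$    f, regularity 
(h) $\vdash_{\mathrm{LiP}} (M' :_a^{\mathcal{C}} \phi') \to (M, M') :_a^{\mathcal{C}} (\phi \lor \phi')$    e, g, PL 
(i) $\vdash_{\mathrm{LiP}} ((M :_a^{\mathcal{C}} \phi) \lor (M' :_a^{\mathcal{C}} \phi')) \to (M, M') :_a^{\mathcal{C}} (\phi \lor \phi')$    d, h, PL. 

9. (a) $\vdash_{\mathrm{LiP}} ((M :_a^{\mathcal{C}} \phi) \lor M :_a^{\mathcal{C}} \phi') \to (M, M) :_a^{\mathcal{C}} (\phi \lor \phi')$    proof disjunctions 
(b) $\vdash_{\mathrm{LiP}} ((M, M) :_a^{\mathcal{C}} (\phi \lor \phi')) \to M :_a^{\mathcal{C}} (\phi \lor \phi')$    proof idempotency 
(c) $\vdash_{\mathrm{LiP}} ((M :_a^{\mathcal{C}} \phi) \lor M :_a^{\mathcal{C}} \phi') \to M :_a^{\mathcal{C}} (\phi \lor \phi')$    a, b, PL. 

10. (a) $\vdash_{\mathrm{LiP}} a\,\mathsf{k}\,a$    knowledge of one's own name 
(b) $\vdash_{\mathrm{LiP}} \top$    a, definition 
(c) $\vdash_{\mathrm{LiP}} M :_a^{\mathcal{C}} \top$    b, necessitation. 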


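11. (a) $\vdash_{\mathrm{LiP}} (a :_a^{\mathcal{C}} \phi) \to (a\,\mathsf{k}\,a \to \phi)$    epistemic truthfulness 
(b) $\vdash_{\mathrm{LiP}} a\,\mathsf{k}\,a$    knowledge of one's own name 
(c) $\vdash_{\mathrm{LiP}} a\,\mathsf{k}\,a \to ((a\,\mathsf{k}\,a \to \phi) \to \phi)$    PT 
(d) $\vdash_{\mathrm{LiP}} (a\,\mathsf{k}\,a \to \phi) \to \phi$    b, c, PL 
(e) $\vdash_{\mathrm{LiP}} (a :_a^{\mathcal{C}} \phi) \to \phi$    a, d, PL. 

12. (a) $\{\phi\} \vdash_{\mathrm{LiP}} a :_a^{\mathcal{C}} \phi$    necessitation 
(b) $\{a :_a^{\mathcal{C}} \phi\} \subseteq \mathrm{LiP}$    hypothesis 
(c) $(a :_a^{\mathcal{C}} \phi) \in \mathrm{LiP}$    b, definition 
(d) $\vdash_{\mathrm{LiP}} a :_a^{\mathcal{C}} \phi$    c, definition 
(e) $\vdash_{\mathrm{LiP}} (a :_a^{\mathcal{C}} \phi) \to \phi$    self-truthfulness 
(f) $\vdash_{\mathrm{LiP}} \phi$    d, e, PL 
(g) $\{a :_a^{\mathcal{C}} \phi\} \vdash_{\mathrm{LiP}} \phi$    b-f, definition 
(h) $\phi \dashv\vdash_{\mathrm{LiP}} a :_a^{\mathcal{C}} \phi$    a, g, definition. 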






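13. (a) $\vdash_{\mathrm{LiP}} (M :_a^{\mathcal{C}} \bot) \to (a\,\mathsf{k}\,M \to \bot)$    epistemic truthfulness 

(b) $\vdash_{\mathrm{LiP}} ((M :_a^{\mathcal{C}} \bot) \land a\,\mathsf{k}\,M) \to \bot$    a, PL 

(c) $\vdash_{\mathrm{LiP}} (((M :_a^{\mathcal{C}} \bot) \land a\,\mathsf{k}\,M) \to \bot) \to \neg((M :_a^{\mathcal{C}} \bot) \land a\,\mathsf{k}\,M)$    PT 

(d) $\vdash_{\mathrm{LiP}} \neg((M :_a^{\mathcal{C}} \bot) \land a\,\mathsf{k}\,M)$    b, c, PL 
(e) $\vdash_{\mathrm{LiP}} a\,\mathsf{k}\,M \to \neg(M :_a^{\mathcal{C}} \bot)$    d, PL. 

14. By the preceding law and knowledge of one's own name string. 

15. (a) $\vdash_{\mathrm{LiP}} a\,\mathsf{k}\,M \to \neg(M :_a^{\mathcal{C}} \bot)$    nothing known can prove falsehood 

(b) $\vdash_{\mathrm{LiP}} (\phi \land \neg\phi) \to \bot$    PT 

(c) $\vdash_{\mathrm{LiP}} a\,\mathsf{k}\,M \to \neg(M :_a^{\mathcal{C}} (\phi \land \neg\phi))$    a, b, PL 

(d) $\vdash_{\mathrm{LiP}} ((M :_a^{\mathcal{C}} \phi) \land M :_a^{\mathcal{C}} \neg\phi) \leftrightarrow M :_a^{\mathcal{C}} (\phi \land \neg\phi)$    proof conjunctions bis 

(e) $\vdash_{\mathrm{LiP}} a\,\mathsf{k}\,M \to \neg((M :_a^{\mathcal{C}} \phi) \land M :_a^{\mathcal{C}} \neg\phi)$    c, d, PL 

(f) $\vdash_{\mathrm{LiP}} a\,\mathsf{k}\,M \to ((M :_a^{\mathcal{C}} \phi) \to \neg(M :_a^{\mathcal{C}} \neg\phi))$    e, PL 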

(g) hLiP akM ^ {{Ad :C ([,) M ^) f, definition. 

16. By the preceding law and knowledge of one's own name string. 

17. (a) huP (M :^ T) ^ Aaecu{6} (Mb ^a""^'^ (6 k M A M :^ T))peer review 

(b) hLip M :^ T anything can prove truth 

(c) huP Aaecuw mh ^a""^'^ (6 k M A M :^ T)) a, b, PL 

(d) hup {[M]}(, i^^^'^ (6 k M A M :^ T) 6 e C U {6}, c, PL 

(e) huP -""^'^ (6 k M A M :^ T)) ^ ^M}^ :^^{^> 6 k M proof conj. 

bis 

(f) hup flMj^i^^^'UkM d, e, PL. 

18. (a) hLiP IM}^ -.y^"^ akM authentic knowledge 

(b) hLiP {iM}^ a k M) {[M]}„ a k M group decomposition 

(c) hup{[ML:0akM a, b, PL 

(d) hLip ({[M]}^ :® a k M) ^ M :® a k M self-signing elimination 

(e) hup M:^ akM c, d, PL. 

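19. (a) $\vdash_{\mathrm{LiP}} (M :_a^{\mathcal{C}} \phi) \to \bigwedge_{b \in \mathcal{C} \cup \{a\}} (\{\!\![M]\!\!\}_a :_b^{\mathcal{C} \cup \{a\}} (a\,\mathsf{k}\,M \land M :_a^{\mathcal{C}} \phi))$    peer review 

(b) $b \in \mathcal{C} \cup \{a\}$    hypothesis 

(c) $\vdash_{\mathrm{LiP}} (M :_a^{\mathcal{C}} \phi) \to (a\,\mathsf{k}\,M \to \phi)$    epistemic truthfulness 

(d) $\vdash_{\mathrm{LiP}} (a\,\mathsf{k}\,M \land M :_a^{\mathcal{C}} \phi) \to \phi$    c, PL 

(e) $\vdash_{\mathrm{LiP}} (\{\!\![M]\!\!\}_a :_b^{\mathcal{C} \cup \{a\}} (a\,\mathsf{k}\,M \land M :_a^{\mathcal{C}} \phi)) \to \{\!\![M]\!\!\}_a :_b^{\mathcal{C} \cup \{a\}} \phi$    d, regularity 

(f) $\vdash_{\mathrm{LiP}} \bigwedge_{b \in \mathcal{C} \cup \{a\}} ((\{\!\![M]\!\!\}_a :_b^{\mathcal{C} \cup \{a\}} (a\,\mathsf{k}\,M \land M :_a^{\mathcal{C}} \phi)) \to \{\!\![M]\!\!\}_a :_b^{\mathcal{C} \cup \{a\}} \phi)$    b-e, PL 

(g) $\vdash_{\mathrm{LiP}} (M :_a^{\mathcal{C}} \phi) \to \bigwedge_{b \in \mathcal{C} \cup \{a\}} (\{\!\![M]\!\!\}_a :_b^{\mathcal{C} \cup \{a\}} \phi)$    a, f, PL. 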


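20. (a)     group decomposition 
(b)     $\mathcal{C} \cup \mathcal{C}' = \mathcal{C}' \cup \mathcal{C}$ 
(c) $\vdash_{\mathrm{LiP}} (M :_a^{\mathcal{C}' \cup \mathcal{C}} \phi) \to (M :_a^{\mathcal{C}'} \phi)$    group decomposition 
(d) $\vdash_{\mathrm{LiP}} (M :_a^{\mathcal{C} \cup \mathcal{C}'} \phi) \to M :_a^{\mathcal{C}'} \phi$    b, c, PL 
(e) $\vdash_{\mathrm{LiP}} (M :_a^{\mathcal{C} \cup \mathcal{C}'} \phi) \to ((M :_a^{\mathcal{C}} \phi) \land M :_a^{\mathcal{C}'} \phi)$    a, d, PL. 

21. (a)     group decomposition 
(b) $\vdash_{\mathrm{LiP}} (M :_a^{\mathcal{C}} \phi) \to \bigwedge_{b \in \mathcal{C} \cup \{a\}} (\{\!\![M]\!\!\}_a :_b^{\mathcal{C} \cup \{a\}} \phi)$    simple peer review 
(c)     $a \in \mathcal{C} \cup \{a\}$, b, PL 
(d) $\vdash_{\mathrm{LiP}} (\{\!\![M]\!\!\}_a :_a^{\mathcal{C} \cup \{a\}} \phi) \leftrightarrow M :_a^{\mathcal{C} \cup \{a\}} \phi$    self-signing idempotency 
(e)     c, d, PL 
(f)     a, e, PL. 

22. (a) $\vdash_{\mathrm{LiP}} a\,\mathsf{k}\,M \to ((M :_a^{\mathcal{C}} \phi) \to \phi)$    epistemic truthfulness, PL 
(b) $\vdash_{\mathrm{LiP}} (\{\!\![M]\!\!\}_a :_a^{\mathcal{C}} a\,\mathsf{k}\,M) \to \{\!\![M]\!\!\}_a :_a^{\mathcal{C}} ((M :_a^{\mathcal{C}} \phi) \to \phi)$    a, regularity 
(c) $\vdash_{\mathrm{LiP}} \{\!\![M]\!\!\}_a :_a^{\mathcal{C} \cup \{a\}} a\,\mathsf{k}\,M$    authentic knowledge 
(d) $\vdash_{\mathrm{LiP}} (\{\!\![M]\!\!\}_a :_a^{\mathcal{C} \cup \{a\}} a\,\mathsf{k}\,M) \to \{\!\![M]\!\!\}_a :_a^{\mathcal{C}} a\,\mathsf{k}\,M$    self-neutral group element 
(e) $\vdash_{\mathrm{LiP}} \{\!\![M]\!\!\}_a :_a^{\mathcal{C}} a\,\mathsf{k}\,M$    c, d, PL 
(f) $\vdash_{\mathrm{LiP}} \{\!\![M]\!\!\}_a :_a^{\mathcal{C}} ((M :_a^{\mathcal{C}} \phi) \to \phi)$    b, e, PL 
(g) $\vdash_{\mathrm{LiP}} (\{\!\![M]\!\!\}_a :_a^{\mathcal{C}} ((M :_a^{\mathcal{C}} \phi) \to \phi)) \leftrightarrow M :_a^{\mathcal{C}} ((M :_a^{\mathcal{C}} \phi) \to \phi)$    self-signing idempotency 
(h) $\vdash_{\mathrm{LiP}} M :_a^{\mathcal{C}} ((M :_a^{\mathcal{C}} \phi) \to \phi)$    f, g, PL. 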


23. By instantiating the previous law with regularity 6^5, and proposi- 
tional logic. 

24. (a) hLiP {Mi<j>) ^ AftecuwlMa^b''^"^ (a kM A M :^ </,))peer review 

(b) 6 e C U {a} hypothesis 

(c) hup (M i 4,) ^ A6ecu{a} (Ma ^6 ""^"^ <t>) simple peer review 

(d) hLiP (a k M A M :^ <A) ^ KbeCu{a} (Ma ^6 ""^"^ c, PL 

(e) hup ({[M]}^ (a k M A M :C </,)) ^ d, regularity 

(f) ^LipA6ecu{a}(({[^L:'''^"^(«kMAM:C,/,))^ b^, PL 

i""^"^ (A6eCuw(Ma ^^""^"^ <^))) 
(g) hup (M --U) ^ a,f,PL 

(h) hLiP (M:C</,)^ aeCU{a},g,PL 

(i) hup {[M]}, r^^^-^^ ( A,,cu{a} (fl^L ^'''^''^ '^)) ^ self-neutral group 
element 

(j) hLiP (M :^ 0) ^ {[M]}„ :^ (A6eCu{a}(Ma ^^^"^ 'P)) i, PL 

(k) hLiP mi a i iAbecuiaymia ^"""^"^ <^))) ^ self-signing 

idempotency 

(1) huP (M :^ M :C (A,eCu{a}(Ma ^^"^^"^ </>)) j> k, PL. 

25. (a) hup (M :^ 0) ^ M :^ ({M}^ (^) simple peer review bis 

(b) hLiP ({[M]}„ {[M]}„ :^ self-neutral group element 

(c) hLiP (M :^ ({[M}„ :^^{«> .^)) M :^ ({[M]}„ :^ </,) b, regularity 6^5 

(d) hLiP (M :^ ^ M :C ({[M]}, a, c, PL 

(e) hLip ■a'P)''^^-a't> self-signing idempotency 

(f) hLiP (M :C ({[M]}^ :C </,)) o M :C (M :C ^) e, regularity 

(g) hLiP (M:C^)^M:C(M:C</,) d, f, PL 

(h) l-Lip M :^ ((M :^ 0) (/)) self-proof of proof consistency 

(i) hup (Af ((Af :C ^ ^)) ^ ((Af i {M 0)) ^ A^ :^ K 
(j) huP (M :^ {M :^ </,)) ^ Af h, i, PL 
(k) hup [M i [M i 4,)) ^Micj> g, j, PL. 

26. Jointly from the law of total knowledge, and the law that nothing known 
can prove falsehood, epistemic truthfulness, and proof consistency, respec- 
tively. 